31 matches found
CVE-2026-28507
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...
Command Injection
idno/known is vulnerable to Command Injection. The vulnerability is due to improper handling of file imports combined with template path traversal, which allows an attacker to write malicious files and execute arbitrary code on the server...
CVE-2026-28507
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...
CVE-2026-28508 Idno: Unauthenticated SSRF via URL Unfurl Endpoint
Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...
CVE-2026-28508 Idno: Unauthenticated SSRF via URL Unfurl Endpoint
Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoin...
CVE-2026-28507 Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...
CVE-2026-28507 Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...
CVE-2026-28507
CVE-2026-28507 affects Idno (social publishing platform). Public disclosures and Red Hat/Veracode entries describe two chained vulnerabilities leading to remote code execution: 1) Arbitrary PHP file write during WordPress import via importImagesFromBodyHTML, leveraging uncontrolled outbound fopen...
CVE-2026-28507 Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...
Idno 操作系统命令注入漏洞
Idno is a social content publishing platform developed by Idno OpenSource. Versions of Idno prior to 1.6.4 contained a vulnerability related to operating system command injection. This vulnerability stemmed from write operations on linked import files and path traversal through templates, which...
Idno 代码问题漏洞
Idno is a social content publishing platform developed by Idno OpenSource. Versions of Idno prior to 1.6.4 contained code vulnerabilities. These vulnerabilities stemmed from logical errors in the API authentication process, which could allow unverified remote attackers to bypass the CSRF protecti...
Command Injection
Overview idno/known is an A social publishing platform Affected versions of this package are vulnerable to Command Injection through the importImagesFromBodyHTML process and unsanitized template parameter handling. An attacker can execute arbitrary operating system commands as the web server user...
Idno Vulnerable to Remote Code Execution via Chained Import File Write and Template Path Traversal
Affected Versions: Tested on current dev branch build fingerprint 505...7bd86 CVSS v4 Score: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Privileges Required: Web application admin account for file write, any authenticated user for RCE trigger --- Summary Two separate...
GHSA-FCRH-FQXH-6FX6 Idno Vulnerable to Unauthenticated SSRF via URL Unfurl Endpoint
Summary A logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoint itself, this allows an attacker to force the server ...
Server-side Request Forgery (SSRF)
Overview idno/known is an A social publishing platform Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Session::tryAuthUser authentication flag handling and UnfurledUrl::unfurl resolution in Idno/Core/Session.php and Idno/Entities/UnfurledUrl.php. An...
Idno Vulnerable to Unauthenticated SSRF via URL Unfurl Endpoint
Summary A logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoint itself, this allows an attacker to force the server ...
PT-2026-22995
Name of the Vulnerable Software and Affected Versions Idno versions prior to 1.6.4 Description A flaw exists in the API authentication flow of Idno that allows bypassing of CSRF protection on the URL unfurl service endpoint. This is due to the absence of a login requirement on the endpoint and a...
PT-2026-22994
Name of the Vulnerable Software and Affected Versions Idno versions prior to 1.6.4 Description Idno, a social publishing platform, contains a remote code execution vulnerability that can be triggered through a chained sequence of issues. Specifically, a web application administrator can be...
CVE-2024-5393
A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file listofcourse.php. The manipulation of the argument idno leads to sql injection. It is possible to initiate the attack remotely. The exploit...
CVE-2024-5393
A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file listofcourse.php. The manipulation of the argument idno leads to sql injection. It is possible to initiate the attack remotely. The exploit...