274 matches found
Remote code execution
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage a __destruct magic metho...
CVE-2021-25294
OpenCATS up to version 0.9.5-3 is affected by CVE-2021-25294 due to unsafe deserialization in lib/DataGrid.php. The vulnerability deserializes index.php?m=activity requests via unserialize on the parameters activity:ActivityDataGrid, enabling a PHP object injection chain that can leverage a __des...
CVE-2021-25294
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage a __destruct magic metho...
CVE-2021-25295
OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues...
CVE-2021-25295
OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) vulnerabilities. Affected product is OpenCATS (v0.9.5-3 and earlier per CNVD/NVD entries). The issue arises in the web application, with XSS described across multiple CVE records and mirrored in Red Hat, CNVD, OSV, and CVE registrie...
OpenCats Code Issue Vulnerability
OpenCATS is a free open source candidate/applicant tracking system designed to allow recruiters to manage the hiring process from job posting and candidate application to candidate selection and submission. A remote code execution vulnerability exists in OpenCATS version 0.9.5-3 and earlier. The...
OpenCats Cross-Site Scripting Vulnerability
OpenCATS is a free open source candidate/applicant tracking system designed to allow recruiters to manage the hiring process from job posting and candidate application to candidate selection and submission. A cross-site scripting vulnerability exists in OpenCATS 0.9.5-3 and earlier versions. An...
OpenCATS v0.9.4-3 - Multiple Cross Site Vulnerabilities
Document Title: OpenCATS v0.9.4-3 - Multiple Cross Site Vulnerabilities | References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2232 | Release Date: 2020-04-28 | Vulnerability Laboratory ID (VL-ID): ...
OpenCats Cross-Site Scripting Vulnerability
OpenCats is an open source recruitment process management system. A cross-site scripting vulnerability exists in the lib/DocumentToText.php file in versions of OpenCats prior to 0.9.4-3. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attack...
CVE-2019-13358
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format...
Format string
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format...
CVE-2019-13358
OpenCats prior to 0.9.4-3 contains an XXE in lib/DocumentToText.php that lets remote attackers read files on the underlying OS. Exploitation requires the attacker to upload a docx or odt document, triggering the entity processing. The issue is associated with OpenCats 0.9.4-3 and earlier, with fi...