14 matches found
CVE-2022-50686
An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users...
CVE-2022-50686
An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users...
CVE-2022-50686 Kentico Xperience <= 12.0 Portal Engine Form Control Information Disclosure
An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users...
CVE-2022-50686
CVE-2022-50686 affects Kentico Xperience (
CVE-2022-50686 Kentico Xperience <= 12.0 Portal Engine Form Control Information Disclosure
An information disclosure vulnerability in Kentico Xperience allows attackers to view sensitive stack trace details via Portal Engine form control error messages. Detailed error messages can expose internal system information and potentially reveal implementation details to unauthorized users...
PT-2025-52308
Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description An information disclosure issue exists in Kentico Xperience. Attackers can view sensitive stack trace details through Portal Engine form control error messages. This disclosure of...
Kentico Xperience Security Vulnerability
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an information disclosure vulnerability that can be exploited by attackers to cause information disclosure...
CVE-2024-49370 Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing
Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.1...
CVE-2024-49370
CVE-2024-49370 affects Pimcore portal engine prior to 4.1.7 and 3.1.16. When a PortalUserObject is linked to a PimcoreUser and the “Use Pimcore Backend Password” option is set, the change password function stores the new password without hashing, making it readable by others. This could enable pa...
Headline Portal Engine 0.x/1.0 HPEInc Parameter Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/19663/info Multiple remote file-include vulnerabilities affect HPE because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage these...
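Headline Portal Engine HPEInc Remote File Inclusion Vulnerability
Headline Portal Engine is a PHP-based web application. Headline Portal Engine does not correctly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to execute arbitrary commands with the privileges of the web process. The problem is that multiple scripts do not filter the user-submitted 'HPEinc' parameter; submitting a malicious remote server as the include target can lead to execution of arbitrary PHP code with the privileges of the web process. Headline Headline Portal Engine 0.7 Headline Headline Portal Engine 0.6.5 Headline Headline Portal Engine 0.6.1 Headline...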
Headline Portal Engine 0.x/1.0 - 'HPEInc' Multiple Remote File Inclusions
source: https://www.securityfocus.com/bid/19663/info Multiple remote file-include vulnerabilities affect HPE because the application fails to properly sanitize user-supplied input before using it in a PHP 'include' function call. An attacker may leverage these issues to execute arbitrary...
HPE - News Portal Engine
Product : HPE - News Portal Engine Version : 4.0 beta WebSite : http://news.is.free.fr Problem : phpinfo Description: ------------ phpinfo.php =========== ... HPEbeginPage"PHPinfo"; phpinfo; HPEendPage; ... =========== Exploit: -------- http://somehost/HPEdir/HPE/admin/pages/phpinfo.php...
mambo_advisorie.txt
Serious security hole in Mambo Site Server version 3.0.X Jul, 24 2001 by: Ismael Peinado Palomo - [email protected] www.reverseonline.com Summary Mambo Site Server is a dynamic portal engine and content management tool based on PHP and MySQL. Details Vulnerable systems: Mambo Site Serv...