21 matches found
CVE-2022-42002
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...
EUVD-2022-45105
Malicious code in bioql PyPI...
EUVD-2023-37846
Malicious code in bioql PyPI...
CVE-2023-33690
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS...
CVE-2023-33690
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS...
CVE-2023-33690
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS...
CVE-2023-33690
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS...
Path traversal
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS...
CVE-2023-33690
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS...
CVE-2023-33690
Summary: SonicJS v0.7.0 and earlier are affected by an authenticated path traversal via special characters injected into the backup CMS filename. Evidence across multiple sources identifies the issue as a filename-injection vulnerability leading to path traversal. Impact: authenticated access cou...
SonicJS 路径遍历漏洞
SonicJS is a content management system based on modern open source NodeJs by Lane Personal Developer. A security vulnerability exists in SonicJS v0.7.0 and earlier versions that stems from injecting special characters into the filename of a backup CMS, allowing an attacker to perform authenticate...
CVE-2023-33690
SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS...
PT-2023-24449 · Sonicjs · Sonicjs
Name of the Vulnerable Software and Affected Versions: SonicJS versions up to 0.7.0 Description: The issue allows attackers to execute an authenticated path traversal when special characters are injected into the filename of a backup CMS. Recommendations: For SonicJS versions up to 0.7.0, update ...
CVE-2022-42002
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...
CVE-2022-42002
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...
CVE-2022-42002
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...
Authentication flaw
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...
SonicJS 缓冲区错误漏洞
SonicJS is a content management system based on modern open source NodeJs by Lane Personal Developer. A buffer error vulnerability exists in SonicJS version 0.6.0 and prior versions, which stems from a file overwrite. An attacker exploiting this vulnerability can write and delete arbitrary files...
CVE-2022-42002
CVE-2022-42002 affects SonicJS up to version 0.6.0. The vulnerability stems from unauthenticated access to the file mutation mutations, specifically fileCreate and fileUpdate , which can overwrite arbitrary files on a SonicJS application. This leads to Arbitrary File Write and Delete . Connection...
CVE-2022-42002
SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete...