Lucene search
+L

692 matches found

Cvelist
Cvelist
added 2022/04/12 4:29 p.m.34 views

CVE-2022-27263

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

9.8AI score0.03018EPSS
Exploits1References2
OSV
OSV
added 2022/04/12 4:29 p.m.14 views

CVE-2022-27263

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file...

9.8CVSS7.7AI score0.03018EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/04/12 12:0 a.m.26 views

Strapi 代码问题漏洞

Strapi is an open source headless content management system CMS. A security vulnerability exists in Strapi v4.1.5 that allows an attacker to execute arbitrary code via a crafted file...

9.8CVSS8.8AI score0.03018EPSS
Exploits1References3
CNVD
CNVD
added 2022/03/01 12:0 a.m.22 views

strapi OS command injection vulnerability

Strapi is an open source headless content management system CMS. Strapi is vulnerable to an operating system command injection vulnerability that originates from arbitrary command injection in the GitHub repository. No detailed vulnerability details are currently available...

7.2CVSS1.9AI score0.00782EPSS
Exploits1References1
Veracode
Veracode
added 2022/02/28 7:12 a.m.18 views

Remote Code Execution (RCE)

@strapi/strapi is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of input via the version number string variable...

6.7CVSS6.6AI score0.00782EPSS
Exploits1References3Affected Software1
vulnersOsv
vulnersOsv
added 2022/02/27 12:0 a.m.4 views

@depup/strapi (=2.0.2-depup.0), @jayway/tds (=0.0.1) +25 more potentially affected by CVE-2022-0764 via strapi (>=2.0.2 <=3.6.8)

strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =1.1.0, =1.0.0, =3.6.1-0.1, =2.0.0, =2.0.2 - strapi-editorjs =0.0.1 and more Source cves: CVE-2022-0764 Source advisory: OSV:GHSA-XRJF-PHVV-R4VR...

7.2CVSS6.5AI score0.00782EPSS
Exploits1
OSV
OSV
added 2022/02/27 12:0 a.m.23 views

GHSA-XRJF-PHVV-R4VR Command injection in strapi

When creating a strapi app using npxcreate-strapi-app, we can inject arbitrary commands through the template cli argument as per the code in this particular link, this happens due to improper sanitization of user input...

6.1CVSS6.6AI score0.00782EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/02/27 12:0 a.m.13 views

Command injection in strapi

When creating a strapi app using npxcreate-strapi-app, we can inject arbitrary commands through the template cli argument as per the code in this particular link, this happens due to improper sanitization of user input...

7.2CVSS1.9AI score0.00782EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2022/02/26 3:15 p.m.29 views

CVE-2022-0764

Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0...

7.2CVSS0.00782EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/02/26 3:15 p.m.5 views

CVE-2022-0764

Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0...

7.2CVSS5.5AI score0.00782EPSS
Exploits1References4
Prion
Prion
added 2022/02/26 3:15 p.m.11 views

Command injection

Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0...

7.2CVSS6.8AI score0.00782EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2022/02/26 2:55 p.m.108 views

CVE-2022-0764

Strapi (strapi/strapi) is affected by CVE-2022-0764: an OS command injection vulnerability in versions prior to 4.1.0 due to improper sanitization of user input when creating an app via the template CLI argument. Impact is arbitrary command execution with local access. Mitigation: update to 4.1.0...

7.2CVSS6.5AI score0.00782EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/02/26 2:55 p.m.21 views

CVE-2022-0764 Arbitrary Command Injection in strapi/strapi

Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0...

6.1CVSS6.5AI score0.00782EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/02/26 12:0 a.m.4 views

Strapi 安全漏洞

Strapi is an open source headless content management system CMS. Strapi is vulnerable to an operating system command injection vulnerability that originates from arbitrary command injection in the GitHub repository. No detailed vulnerability details are currently available...

7.2CVSS5.9AI score0.00782EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/02/26 12:0 a.m.3 views

PT-2022-13420 · Strapi · Strapi

Name of the Vulnerable Software and Affected Versions: strapi versions prior to 4.1.0 Description: The issue is related to arbitrary command injection in the strapi repository. This occurs due to improper sanitization of user input, specifically when creating a strapi app using the template cli...

7.2CVSS6.5AI score0.00782EPSS
Exploits1References14
Huntr
Huntr
added 2022/02/17 3:58 p.m.17 views

Arbitrary Command Injection

Description When creating a strapi app using npxcreate-strapi-app, we can inject arbitrary commands through the template cli argument as per the code in this particular link https://github.com/strapi/strapi/blob/master/packages/generators/app/lib/utils/fetch-npm-template.jsL13, this happens due t...

7.2CVSS0.8AI score0.00782EPSS
Exploits1References1
0day.today
0day.today
added 2022/02/08 12:0 a.m.266 views

Strapi CMS 3.0.0-beta.17.4 - Set Password (Unauthenticated) Exploit

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Strapi CMS 3.0.0-beta.17.4 - Set Password Unauthenticated Metasploit", 'Description' = %q This exploit module abuses the...

9.8CVSS0.4AI score0.97639EPSS
Exploits13
Exploit DB
Exploit DB
added 2022/02/08 12:0 a.m.304 views

Strapi CMS 3.0.0-beta.17.4 - Set Password (Unauthenticated) (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Strapi CMS 3.0.0-beta.17.4 - Set Password Unauthenticated Metasploit", 'Description' = %q This exploit module abuses the...

9.8CVSS9.8AI score0.97639EPSS
Exploits13
Packet Storm
Packet Storm
added 2022/02/08 12:0 a.m.247 views

Strapi CMS 3.0.0-beta.17.4 Privilege Escalation

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "Strapi CMS 3.0.0-beta.17.4 - Set Password Unauthenticated Metasploit", 'Description' = %q This exploit module abuses the...

9.8CVSS0.8AI score0.97639EPSS
Exploits13
vulnersOsv
vulnersOsv
added 2022/02/05 12:0 a.m.4 views

@cscharpf/minio-client-versioned (>=1.0.0 <=1.0.8), @iliad.dev/strapi-adapter (>=0.0.43 <=0.2.2) +46 more potentially affected by CVE-2021-23470 via putil-merge (>=1.2.0 <=3.13.0)

putil-merge NPM version =1.2.0, =1.0.0, =0.0.43, =0.6.0, =0.12.0, =0.6.0, =0.6.0, =0.6.0, =1.0.0-beta.3, =0.6.0, =0.10.0, =0.6.0, =0.93.1, =4.0.1, =4.0.1, =5.0.4 and more Source cves: CVE-2021-23470 Source advisory: OSV:GHSA-4G77-CVGW-GRVW...

9.8CVSS7.8AI score0.01266EPSS
Exploits1
Rows per page
Query Builder