692 matches found
@cscharpf/minio-client-versioned (>=1.0.0 <=1.0.8), @iliad.dev/strapi-adapter (>=0.0.43 <=0.2.2) +46 more potentially affected by CVE-2021-25953 via putil-merge (>=1.2.0 <=3.13.0)
putil-merge NPM version =1.2.0, =1.0.0, =0.0.43, =0.6.0, =0.12.0, =0.6.0, =0.6.0, =0.6.0, =1.0.0-beta.3, =0.6.0, =0.10.0, =0.6.0, =0.93.1, =4.0.1, =4.0.1, =5.0.4 and more Source cves: CVE-2021-25953 Source advisory: OSV:GHSA-9X7M-9HPG-XXMW...
GHSA-49VV-6Q7Q-W5CF Duplicate Advisory: OS Command Injection in Strapi
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9p2w-rmx4-9mw7. This link is maintained to preserve external references. Original Description The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugi...
Duplicate Advisory: OS Command Injection in Strapi
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-9p2w-rmx4-9mw7. This link is maintained to preserve external references. Original Description The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugi...
GHSA-23FP-FMRV-F5PX Uncontrolled Resource Consumption in strapi
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application...
Exploit for Cross-Site Request Forgery (CSRF) in Cisco Industrial_Network_Director
PoC exploit for CVE-2019-18818, an unauthenticated password rese...
Strapi Remote Code Execution (CVE-2019-19609)
A remote code execution vulnerability exists in Strapi framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
GHSA-37HX-4MCQ-WC3H Weak Password Recovery Mechanism for Forgotten Password in Strapi
In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password...
@depup/strapi (=2.0.2-depup.0), @koj/strapi (>=0.0.0 <=1.4.3) +9 more potentially affected by CVE-2021-28128 via strapi (>=2.0.2 <=3.3.4)
strapi NPM version =2.0.2, =0.0.0, =0.0.1, =0.0.34, =2.0.0, =2.0.0, =0.0.1-alpha.1, =0.0.1-alpha.2 - strapi-plugin-mailjet =0.0.2 Source cves: CVE-2021-28128 Source advisory: OSV:GHSA-37HX-4MCQ-WC3H...
Weak Password Recovery Mechanism for Forgotten Password in Strapi
In Strapi through 3.6.0, the admin panel allows the changing of one's own password without entering the current password. An attacker who gains access to a valid session can use this to take over an account by changing the password...
Exploit for OS Command Injection in Strapi
CVE-2019-19609 Strapi Remote Code...
Strapi 3.0.0-beta Authentication Bypass
Exploit Title: Strapi 3.0.0-beta - Set Password Unauthenticated Date: 2021-08-29 Exploit Author: David Anglada CodiObert Vendor Homepage: https://strapi.io/ Version: 3.0.0-beta Tested on: Linux CVE: CVE-2019-18818 !/usr/bin/python import requests import sys import json userEmail = "[email protected]...
Exploit for OS Command Injection in Strapi
CVE-2019-19609 Strap...
Strapi 3.0.0-beta - Set Password (Unauthenticated) Exploit
Exploit Title: Strapi 3.0.0-beta - Set Password Unauthenticated Date: 2021-08-29 Exploit Author: David Anglada CodiObert Vendor Homepage: https://strapi.io/ Version: 3.0.0-beta Tested on: Linux CVE: CVE-2019-18818 !/usr/bin/python import requests import sys import json userEmail = "email protecte...
Strapi 3.0.0-beta.17.7 Remote Code Execution
Exploit Title: Strapi 3.0.0-beta.17.7 - Remote Code Execution RCE Authenticated Date: 29/08/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://strapi.io/ Affected Version: strapi-3.0.0-beta.17.7 and earlier Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2019-19609 !/usr/bin/pytho...
Strapi CMS 3.0.0-beta.17.4 Remote Code Execution
Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Date: 2021-08-30 Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-1881...
Strapi 3.0.0-beta.17.7 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Strapi 3.0.0-beta.17.7 - Remote Code Execution RCE Authenticated Date: 29/08/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://strapi.io/ Affected Version: strapi-3.0.0-beta.17.7 and earlier Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2019-19609 !/usr/bin/pytho...
Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-18818, CVE-2019-19609...
Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Date: 2021-08-30 Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-1881...
Strapi 3.0.0-beta - Set Password (Unauthenticated)
Exploit Title: Strapi 3.0.0-beta - Set Password Unauthenticated Date: 2021-08-29 Exploit Author: David Anglada CodiObert Vendor Homepage: https://strapi.io/ Version: 3.0.0-beta Tested on: Linux CVE: CVE-2019-18818 !/usr/bin/python import requests import sys import json userEmail = "[email protected]...
Strapi 3.0.0-beta.17.7 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Strapi 3.0.0-beta.17.7 - Remote Code Execution RCE Authenticated Date: 29/08/2021 Exploit Author: David Utón M3n0sD0n4ld Vendor Homepage: https://strapi.io/ Affected Version: strapi-3.0.0-beta.17.7 and earlier Tested on: Linux Ubuntu 18.04.5 LTS CVE : CVE-2019-19609 !/usr/bin/pytho...