3 matches found
Rdiffweb 跨站请求伪造漏洞
Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A cross-site request forgery vulnerability exists in Rdiffweb versions prior to 2.4.7. An attacker could exploit this vulnerability t...
PT-2022-21439 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.7 Description: The issue is related to Cross-Site Request Forgery CSRF, which allows an attacker to change a user's email ID. Recommendations: For versions prior to 2.4.7, update to version 2.4.7 to resolve the...
CVE-2021-24758
The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading to SQL injections...