CVE-2021-25972

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read...

CVE-2021-25972

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read...

Server side request forgery (ssrf)

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read...

CVE-2021-25972 Camaleon CMS - Server-Side Request Forgery (SSRF) in Media Upload Feature

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery SSRF in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read...

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description Have reviewed your fix for double URL encoding here: https://github.com/Admidio/admidio/commit/6b3820a574dc5f52243fbaafdb7089560c99d949 But it can easily be bypassed by triple URL encoding. Note: apparently after applying the above fix from Github on the machine, I cannot use the...

Cross-site Scripting (XSS) - Reflected in admidio/admidio

Description Possible to perform reflected XSS by using double URL encoding when retrieving files Proof of Concept Trigger XSS via...

Cross-Site Request Forgery (CSRF) in namelessmc/nameless

Description More CSRF endpoints in delete webhooks Proof of Concept /index.php?route=/panel/core/hooks/&action=delete&id=2 Impact This vulnerability is capable of tricking admin users to deleting webhooks...

in flatcore/flatcore-cms

Description Attackers can trick admin users into performing actions because there is no X-Frame-Options: DENY header set by the application. This header is important because it prevents other websites from Iframing the website. If the website can be iframed, then the attacker can host a malicious...

Cross-Site Request Forgery (CSRF) in pkp/pkp-lib

Description Higher severity CSRF in PKP-LIB plugins ImportExport is vulnerable to CSRF in terms of file uploads and file imports, an attacker can import arbitrary users into the platform, 1: POST /index.php/e/management/importexport/plugin/UserImportExportPlugin/uploadImportXML 2: GET...

CVE-2021-38156

In Nagios XI before 5.8.6, XSS exists in the dashboard page /dashboards/ when administrative users attempt to edit a dashboard...

TinyFileManager 跨站请求伪造漏洞

TinyFileManager is a web-based file manager. A cross-site request forgery vulnerability exists in TinyFileManager 2.4.6 and all versions below, which can be exploited by attackers to upload files and run operating system commands by tricking Administrator users into browsing an attacker-controlle...

GHSA-26RR-V2J2-25FH Layout XML Arbitrary Code Fix

Impact Layout XML enabled admin users to execute arbitrary commands via block methods...

Layout XML Arbitrary Code Fix

Impact Layout XML enabled admin users to execute arbitrary commands via block methods...

Data Flow Sanitation Issue Fix

Impact Due to missing sanitation in data flow it was possible for admin users to upload arbitrary executable files to the server...

Remote Code Execution (RCE)

openmage/magento-lts is vulnerable to remote code execution. Lack of data flow sanitization allows admin users to upload malicious executable files to the server...

CVE-2021-32759

OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...

Design/Logic Flaw

OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...

CVE-2021-32759 Data Flow Sanitation Issue Fix

OpenMage magento-lts is an alternative to the Magento CE official releases. Due to missing sanitation in data flow in versions prior to 19.4.15 and 20.0.13, it was possible for admin users to upload arbitrary executable files to the server. OpenMage versions 19.4.15 and 20.0.13 have a patch for...

CVE-2021-32758

OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched...

CVE-2021-32758

OpenMage Magento LTS is an alternative to the Magento CE official releases. Prior to versions 19.4.15 and 20.0.11, layout XML enabled admin users to execute arbitrary commands via block methods. The latest OpenMage Versions up from v19.4.15 and v20.0.11 have this Issue patched...