4 matches found
PT-2024-30264 · Jpress · Jpress
Name of the Vulnerable Software and Affected Versions: JPress versions through 5.1.1
Description: The issue is an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to...
Directory Traversal
nocodb is vulnerable to Directory Traversal. The vulnerability exists in the fileRead function of attachments.controller.ts and attachment.ctl.ts files, which allows an attacker to fetch arbitrary files on the server by manipulating the path parameter of the /download route, resulting in the...
CVE-2023-27084
Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter...
PT-2023-20942 · Isoftforce · Isoftforce Dreamer Cms
Name of the Vulnerable Software and Affected Versions: isoftforce Dreamer CMS version 4.0.1
Description: A permissions issue allows local attackers to obtain sensitive information via the AttachmentController parameter. This issue can be exploited to gain access to restricted data.
Recommendation...