4 matches found
Code injection
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must log in to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This...
CVE-2020-35734
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must log in to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This...
CVE-2020-35734
Batflat CMS 1.3.6 is vulnerable to authenticated code injection leading to Remote Code Execution via input fields on the Users tab. Exploitation requires login to the admin panel and editing another user’s data (e.g., username or display name). Affected product/version: Batflat 1.3.6; vendor note...
PT-2021-11840 · Batflat · Batflat
Name of the Vulnerable Software and Affected Versions: Batflat version 1.3.6. Description: The issue allows an authenticated user to perform code injection, and consequently Remote Code Execution, via the input fields of the Users tab. To exploit this, one must log in to the administration panel an...