9 matches found
GHSA-8PW3-9M7F-Q734 TinaCMS CLI Dev Server Vulnerable to Cross-Origin File Exfiltration via CORS Misconfiguration + Path Traversal in TinaCMS
Summary: The TinaCMS CLI dev server combines a permissive CORS configuration Access-Control-Allow-Origin: with the path traversal vulnerability previously reported to enable a browser-based drive-by attack. A remote attacker can enumerate the filesystem, write arbitrary files, and delete arbitrary...
CVE-2020-24804
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs...
EUVD-2020-17514
Malware in sbrugna...
CVE-2020-24804
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs...
CVE-2020-24804
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs...
Unrestricted file upload
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs...
CVE-2020-24804
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs...
CVE-2020-24804
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs...
CVE-2020-24804
CVE-2020-24804 affects cms-dev/cms v1.4.rc1. The issue is in AddAdmin.py where plaintext passwords are written to audit logs, allowing an attacker to obtain sensitive information from logs. CVSSv3.1: 6.5 (MEDIUM); vector: Network, Low attack complexity, Local privileges, No user interaction, Conf...