2 matches found
CVE-2026-55744 Cotonti CSRF in PFS allows forced arbitrary file upload
Cotonti 1.0.0 master branch, commit f43f1fc3 is vulnerable to Cross-Site Request Forgery in the Personal File Storage PFS module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cotcheckxg to validate the anti-CSRF token, even though...
Cotonti 0.6.23 SQL Injection
================================================================== Vulnerable Software: cotonti-0.6.23 Official Site: http://www.cotonti.com/ Tested version: http://cotonti.googlecode.com/files/cotonti-0.6.23.7z ================================================================== About Software:...