Lucene search
K

5 matches found

Tenable Nessus
Tenable Nessus
added 2015/02/23 12:0 a.m.31 views

X2Engine < 4.2 Multiple Vulnerabilities

According to its version number, the X2Engine application installed on the remote web server is potentially affected by multiple vulnerabilities : - A PHP object injection vulnerability exists which can be used to carry out Server-Side Request Forgery SSRF attacks using specially crafted serializ...

7.5CVSS6.1AI score0.03002EPSS
Exploits4References6
securityvulns
securityvulns
added 2014/10/14 12:0 a.m.71 views

[KIS-2014-09] X2Engine &lt;= 4.1.7 &#40;SiteController.php&#41; PHP Object Injection Vulnerability

------------------------------------------------------------------------- X2Engine = 4.1.7 SiteController.php PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected Versions: All versions fr...

7.5CVSS1AI score0.02671EPSS
Exploits3
CVE
CVE
added 2014/10/10 1:0 a.m.50 views

CVE-2014-5297

The CVE-2014-5297 entry affects X2Engine 2.8–4.1.7, specifically the actionSendErrorReport method in protected/controllers/SiteController.php. The vulnerability arises from taking user-supplied data in the POST parameter report, applying base64_decode followed by unserialize without proper saniti...

7.5CVSS7.1AI score0.02671EPSS
Exploits3References5Affected Software1
Packet Storm
Packet Storm
added 2014/09/23 12:0 a.m.39 views

X2Engine 4.1.7 PHP Object Injection

------------------------------------------------------------------------- X2Engine = 4.1.7 SiteController.php PHP Object Injection Vulnerability ------------------------------------------------------------------------- - Software Link: http://www.x2engine.com/ - Affected Versions: All versions fr...

7.5CVSS6.6AI score0.02671EPSS
Exploits3
0day.today
0day.today
added 2014/09/23 12:0 a.m.73 views

X2Engine 4.1.7 PHP Object Injection / Unrestricted File Upload Vulnerabilies

X2Engine versions 2.8 through 4.1.7 suffer from a PHP object injection and below suffer from an unrestricted file upload vulnerability due to poor use of a blacklist. ------------------------------------------------------------------------- X2Engine = 4.1.7 SiteController.php PHP Object Injection...

7.5CVSS6.9AI score0.03002EPSS
Exploits4
Rows per page
Query Builder