5 matches found
CVE-2020-35734
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data username, displayed name, etc.. NOTE: This...
CVE-2020-35734
creationtimestamp| type| source ---|---|--- 2024-11-14 06:07:59+00:00| seen| MISP/a47ec090-3292-42fc-a1c0-1e736d4681e5...
Batflat CMS 1.3.6 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Batflat CMS 1.3.6 - Remote Code Execution Authenticated Exploit Author: mari0x00 Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Description:...
Batflat CMS 1.3.6 Remote Code Execution
Exploit Title: Batflat CMS 1.3.6 - Remote Code Execution Authenticated Date: 2020-12-27 Exploit Author: mari0x00 Vendor Homepage: https://batflat.org/ Software Link: https://github.com/sruupl/batflat/archive/master.zip Description:...
CVE-2020-35734
Batflat CMS 1.3.6 is vulnerable to authenticated code injection leading to Remote Code Execution via input fields on the Users tab. Exploitation requires login to the admin panel and editing another user’s data (e.g., username or display name). Affected product/version: Batflat 1.3.6; vendor note...