143 matches found
CVE-2021-32698
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0...
CVE-2021-32698
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0...
Cross site request forgery (csrf)
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0...
CVE-2021-32698
CVE-2021-32698 affects the eLabFTW open source electronic lab notebook. The issue is a blind server-side request forgery (SSRF) that lets an attacker cause the server to issue GET requests on behalf of the server, without the attacker seeing the response. The vulnerability is mitigated by a patch...
CVE-2021-32698 Blind Server-Side Request Forgery (SSRF) in eLabFTW
eLabFTW is an open source electronic lab notebook for research labs. This vulnerability allows an attacker to make GET requests on behalf of the server. It is "blind" because the attacker cannot see the result of the request. Issue has been patched in eLabFTW 4.0.0...
Elabftw 代码问题漏洞
Elabftw is an open source platform for hosting experimental data. The platform runs on Linux and supports storing a wide range of objects. ELabFTW suffers from a code issue vulnerability that can be exploited by an attacker to make GET requests on behalf of the server...
Design/Logic Flaw
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...
CVE-2019-12185
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...
CVE-2019-12185
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...
eLabFTW 1.8.5 Arbitrary File Upload / Remote Code Execution
!/usr/bin/env python Exploit Title : eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE Date : 5/18/19 Exploit Author : liquidsky JMcPeters Vulnerable Software : eLabFTW 1.8.5 Vendor Homepage : https://www.elabftw.net/ Version : 1.8.5 Software Link : https://github.com/elabftw/elabftw...
eLabFTW 1.8.5 - Arbitrary File Upload Remote Code Execution
eLabFTW 1.8.5 - Arbitrary File Upload Remote Code Execution !/usr/bin/env python Exploit Title : eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE Date : 5/18/19 Exploit Author : liquidsky JMcPeters Vulnerable Software : eLabFTW 1.8.5 Vendor Homepage : https://www.elabftw.net/ Version ...
eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/env python Exploit Title : eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE Date : 5/18/19 Exploit Author : liquidsky JMcPeters Vulnerable Software : eLabFTW 1.8.5 Vendor Homepage : https://www.elabftw.net/ Version : 1.8....
eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution
Exploit Title : eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE Date : 5/18/19 Exploit Author : liquidsky JMcPeters Vulnerable Software : eLabFTW 1.8.5 Vendor Homepage : https://www.elabftw.net/ Version : 1.8.5 Software Link : https://github.com/elabftw/elabftw Tested On : Linux / PH...
CVE-2019-12185
CVE-2019-12185 affects eLabFTW 1.8.5. The /app/controllers/EntityController.php component is vulnerable to arbitrary file uploads, enabling remote code execution by writing PHP files to the web root; an authenticated user can trigger this via a POST request. Public exploit/example details exist (...
CVE-2019-12185
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the we...
PT-2019-12686 · Elabftw · Elabftw
Name of the Vulnerable Software and Affected Versions: eLabFTW version 1.8.5 Description: The issue allows for arbitrary file uploads via the /app/controllers/EntityController.php component, potentially resulting in remote command execution. An attacker can use a user account to fully compromise...
Exploit for Unrestricted Upload of File with Dangerous Type in Elabftw
Exploit Title : eLabFTW 1.8.5 'EntityController' Arbit...
eLabFTW experiment infos component cross-site scripting vulnerability
Elabftw is an open source platform for hosting experimental data. The platform runs on Linux and supports storing a variety of objects. experiment infos component is one of the experiment infos storage components. A cross-site scripting vulnerability exists in the experiment infos component in...
Cross site scripting
ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service...
CVE-2017-1000478
ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service...