8 matches found
CVE-2022-23330
A remote code execution RCE vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package...
CVE-2021-46116
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin.TemplateControllerdoInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code...
CVE-2021-46115
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin.TemplateControllerdoUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code...
CVE-2021-46115
jpress 4.2.0 is vulnerable to RCE via io.jpress.web.admin.TemplateControllerdoUploadFile. The admin panel provides a function through which attackers can upload templates and inject some malicious code...
CVE-2021-46118
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKitdoSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code...
CVE-2021-46116
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.web.admin.TemplateControllerdoInstall. The admin panel provides a function through which attackers can install templates and inject some malicious code...
Remote code execution
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.page.PageNotifyKitdoSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code...
CVE-2021-46118
jpress 4.2.0 is vulnerable to remote code execution via io.jpress.module.article.kit.ArticleNotifyKitdoSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code...