2 matches found
Design/Logic Flaw
ClipperCMS 1.3.3 does not have CSRF protection on its kcfinder file upload enabled by default. This can be used by an attacker to perform actions for an admin or any user with the file upload capability. With this vulnerability, one can automatically upload files by default, it allows html, pdf,...
vTiger CRM 5.4.0 kcfinder File Upload
File upload vulnerability in vtiger CRM kcfinder component Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...