6 matches found
CVE-2020-11066
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...
CVE-2022-24594
In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address...
Insecure Deserialization
typo3/cms-core is vulnerable to insecure deserialization. The vulnerability arises when the unserialize method is invoked on malicious user-provided content with class destructors, leading to deletion of an arbitrary directory in the file system and to message submission via email, using the...
CVE-2020-11066
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...
CVE-2020-11066
Summary of CVE-2020-11066 (TYPO3): TYPO3 CMS versions 9.x before 9.5.17 and 10.x before 10.4.2 are affected by an insecure deserialization flaw. Calling unserialize() on malicious user-submitted content can modify dynamically-determined object attributes and may trigger deletion of an arbitrary ...
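Discuz X1.5 Personal Homepage Stored XSS
Brief description: Oversight in content checking. Details: Go to another user's personal homepage and submit a message: imgjavascript:alert/sogili//img Proof of vulnerability: No screenshot proof available. Large forums all have permission restrictions....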