Parse Server: `PagesRouter` path traversal allows reading files outside configured pages directory
Impact: The `PagesRouter` static file serving route is vulnerable to a path traversal attack that allows unauthenticated reading of files outside the configured `pagesPath` directory. The boundary check uses a string prefix comparison without enforcing a directory separator boundary. An attacker can u...
CVE-2024-22636
PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field...
CVE-2020-25876
A stored cross-site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Page Title' parameter...
CVE-2008-4904
SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the searchpublishedat parameter...