14 matches found
EUVD-2024-1267
Malicious code in bioql PyPI...
CVE-2024-30248
Piccolo Admin is an admin interface/content management system for Python, built on top of Piccolo. Piccolo's admin panel allows media files to be uploaded. As a default, SVG is an allowed file type for upload. An attacker can upload an SVG which when loaded can allow arbitrary access to the admin...
CVE-2024-30248 Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
Piccolo Admin is an admin interface/content management system for Python, built on top of Piccolo. Piccolo's admin panel allows media files to be uploaded. As a default, SVG is an allowed file type for upload. An attacker can upload an SVG which when loaded can allow arbitrary access to the admin...
CVE-2024-30248
CVE-2024-30248 affects Piccolo Admin, the Python-based admin interface for Piccolo. The vulnerability arises from SVG uploads being allowed by default, allowing an attacker to load a malicious SVG that can grant arbitrary access to the admin page. The root cause is insufficient validation/handlin...
Piccolo security vulnerability
Piccolo is a fast, user-friendly ORM and query builder from Piccolo Open Source. A security vulnerability exists in Piccolo Admin prior to version 1.3.2: the admin panel allows media files to be uploaded, which an attacker can exploit by uploading an SVG...
GHSA-PMWW-V6C9-7P83 Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
Summary: Piccolo's admin panel provides the ability to upload media files and view them within the admin panel. If SVG is an allowed file type for upload (the default), an attacker can upload an SVG which, when loaded under certain contexts, allows for arbitrary access to the admin page. This access...
PT-2024-23295 · Unknown · Piccolo Admin
Name of the Vulnerable Software and Affected Versions: Piccolo Admin versions prior to 1.3.2 Description: The issue concerns the Piccolo Admin interface, which allows media file uploads, including SVG files by default. An attacker can upload a malicious SVG file, which, when loaded, can provide...
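The entries above all describe the same mechanism: an SVG is XML that a browser will treat as a document, so an uploaded SVG that is later rendered inline in the admin panel can carry `<script>`, event-handler attributes, or `javascript:` links that run in the admin's origin. The block below is an added example, not Piccolo Admin's own code, of the pre-storage check a practitioner would want: it sniffs uploads that are really SVG regardless of their extension, rejects DOCTYPE/ENTITY declarations before parsing, and flags the elements and attributes that give an SVG a way to execute script or pull in other documents. The function names, the extension allowlist, and the sample SVG documents are constructed for the example.

```python
"""Screen uploaded media for script-capable SVG before an admin UI renders it.

Added example (not piccolo_admin's code). Function names, the extension
allowlist and the sample inputs below are illustrative assumptions.
"""

import re
import xml.etree.ElementTree as ET
from typing import List

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"

# Elements that let an SVG run script or embed another document.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
# Attributes that carry a URL the browser will follow.
URL_ATTRS = {"href", "src", "data"}
DANGEROUS_SCHEME = re.compile(r"^\s*(javascript|data|vbscript)\s*:", re.I)
CSS_ESCAPE = re.compile(r"url\s*\(|expression\s*\(|@import", re.I)
MAX_BYTES = 512 * 1024

# Raster formats only; SVG is deliberately absent from the default allowlist.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "webp"}


def local_name(tag: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return tag.rsplit("}", 1)[-1]


def scan_svg(svg_bytes: bytes) -> List[str]:
    """Return a list of reasons the SVG is unsafe to render inline (empty = clean)."""
    if len(svg_bytes) > MAX_BYTES:
        return ["svg exceeds size limit"]
    # Reject DOCTYPE/ENTITY up front: expat would expand internal entities,
    # so an entity bomb must never reach the parser.
    if re.search(rb"<!(doctype|entity)", svg_bytes[:4096], re.I):
        return ["DOCTYPE/ENTITY declaration rejected before parsing"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    findings: List[str] = []
    if local_name(root.tag) != "svg":
        findings.append(f"root element is <{local_name(root.tag)}>, not <svg>")
    for el in root.iter():
        name = local_name(el.tag)
        if name in ACTIVE_TAGS:
            findings.append(f"<{name}> element")
        for attr, value in el.attrib.items():
            aname = local_name(attr)
            if aname.lower().startswith("on"):  # onload, onclick, onbegin, ...
                findings.append(f"event handler {aname} on <{name}>")
            if aname in URL_ATTRS or attr == XLINK_HREF:
                if DANGEROUS_SCHEME.match(value):
                    findings.append(f"{aname}={value[:30]!r} on <{name}>")
                elif name == "use" and not value.startswith("#"):
                    findings.append(f"<use> references external document {value[:40]!r}")
            if aname == "style" and CSS_ESCAPE.search(value):
                findings.append(f"style with url()/@import on <{name}>")
        if name == "style" and el.text and CSS_ESCAPE.search(el.text):
            findings.append("<style> block with url()/@import")
    return findings


def accept_upload(filename: str, content: bytes) -> bool:
    """Policy: raster types by extension; anything that is markup is treated as
    SVG no matter what it is called, and only accepted when the scan is clean."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    looks_like_markup = content.lstrip().startswith(b"<")
    if ext == "svg" or looks_like_markup:
        return scan_svg(content) == []
    return ext in ALLOWED_EXTENSIONS


# Constructed sample inputs.
BENIGN_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
              b'<circle cx="5" cy="5" r="4" fill="#09f"/></svg>')
MALICIOUS_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
                 b'onload="fetch(\'/admin/api/\')"><script>alert(1)</script></svg>')
XLINK_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
             b'xmlns:xlink="http://www.w3.org/1999/xlink">'
             b'<a xlink:href="javascript:alert(1)"><text>x</text></a></svg>')
ENTITY_SVG = b'<!DOCTYPE svg [<!ENTITY x "y">]><svg xmlns="http://www.w3.org/2000/svg"/>'

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN_SVG), ("onload+script", MALICIOUS_SVG),
                       ("xlink javascript:", XLINK_SVG), ("entity", ENTITY_SVG)]:
        print(label, "->", scan_svg(doc) or "clean")
    print("renamed svg as png accepted?", accept_upload("logo.png", MALICIOUS_SVG))
```

The scan is a detector, not a sanitizer: a hit should reject the upload rather than be stripped, since rewriting XML tends to leave a second parser interpretation that the filter did not see. Even a clean SVG should be served from a separate origin or with `Content-Disposition: attachment` so that nothing it contains ever executes with the admin session's cookies; disabling SVG in the upload allowlist, as the fixed release does by default, is the simpler control.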
CVE-2024-30248
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-30 13:58:13+00:00 | published-proof-of-concept | https://github.com/piccolo-orm/piccoloadmin/security/advisories/GHSA-pmww-v6c9-7p83... |
casper7-plugin-meatball-day (>=0.1.0 <=0.4.2), gator-eda (=0.1.0) +6 more potentially affected by CVE-2023-47128 via piccolo (>=0.103.0 <=0.96.0)
piccolo PYPI version =0.103.0, =0.1.0, =0.3.1, =0.2.0, =0.3.8, =0.0.22, =0.1.0, =1.0.0, =1.5.1 Source cves: CVE-2023-47128 Source advisory: OSV:GHSA-XQ59-7JF3-RJC6...
gator-eda (=0.1.0), piccolo-admin (>=0.6.0 <=0.8.1) +2 more potentially affected by CVE-2023-41885 via piccolo (>=0.103.0 <=0.11.8)
piccolo PYPI version =0.103.0, =0.6.0, =0.7.0, =1.0.0, =1.12.1 Source cves: CVE-2023-41885 Source advisory: OSV:PYSEC-2023-173...