Lucene search
+L

76 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 7:59 a.m.12 views

CVE-2024-33120

Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file...

9.8CVSS8.2AI score0.00772EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:58 a.m.10 views

CVE-2024-33121

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search function...

6.3CVSS8.3AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:6 a.m.8 views

CVE-2022-28052

Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution...

8CVSS7.5AI score0.02369EPSS
Exploits1References1
OSV
OSV
added 2024/05/07 3:15 p.m.8 views

CVE-2024-33120

Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file...

9.8CVSS6.1AI score0.00772EPSS
Exploits0References2
NVD
NVD
added 2024/05/07 3:15 p.m.21 views

CVE-2024-33120

Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file...

9.8CVSS7.8AI score0.00772EPSS
Exploits0References1
NVD
NVD
added 2024/05/07 3:15 p.m.17 views

CVE-2024-33124

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode function...

9.8CVSS7.8AI score0.00503EPSS
Exploits0References1
OSV
OSV
added 2024/05/07 3:15 p.m.4 views

CVE-2024-33122

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list function...

6.3CVSS5.8AI score0.00339EPSS
Exploits0References1
NVD
NVD
added 2024/05/07 3:15 p.m.20 views

CVE-2024-33122

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list function...

6.3CVSS7.8AI score0.00339EPSS
Exploits0References1
OSV
OSV
added 2024/05/07 3:15 p.m.6 views

CVE-2024-33124

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode function...

9.8CVSS5.8AI score0.00503EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/07 12:0 a.m.13 views

CVE-2024-33120

Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file...

8.1AI score0.00772EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/07 12:0 a.m.31 views

CVE-2024-33120

Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file...

8AI score0.00772EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/05/07 12:0 a.m.30 views

CVE-2024-33122

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list function...

8.1AI score0.00339EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.5 views

Roothub 安全漏洞

Roothub is a forum system developed using SSM and MySQL. A security vulnerability exists in Roothub v2.6, which was discovered to contain an SQL injection vulnerability via the topic parameter in the list function...

6.3CVSS8.3AI score0.00339EPSS
Exploits0References2
CVE
CVE
added 2024/05/07 12:0 a.m.61 views

CVE-2024-33122

CVE-2024-33122 affects Roothub v2.6. A SQL injection vulnerability exists in the list() function via the topic parameter, caused by unsafe SQL construction. CVSS 3.1 base score 6.3 (Medium) with Low impact across confidentiality, integrity, and availability. No exploits details are provided in th...

6.3CVSS8.2AI score0.00339EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/05/07 12:0 a.m.73 views

CVE-2024-33120

CVE-2024-33120 affects Roothub v2.5, where an arbitrary file upload vulnerability in the upload() function via the customPath parameter allows remote code execution through a crafted JSP file. Reported impact is full confidentiality, integrity, and availability compromise (high). Connected source...

9.8CVSS8.1AI score0.00772EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.4 views

PT-2024-25124 · Roothub · Roothub

Name of the Vulnerable Software and Affected Versions: Roothub version 2.6 Description: The issue is related to a SQL injection vulnerability. This vulnerability occurs via the topic parameter in the list function. Recommendations: For Roothub version 2.6, consider restricting the use of the list...

6.3CVSS8.1AI score0.00339EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2024/05/07 12:0 a.m.14 views

CVE-2024-33124

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode function...

8.3AI score0.00503EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.8 views

PT-2024-25122 · Roothub · Roothub

Name of the Vulnerable Software and Affected Versions: Roothub version 2.5 Description: The issue allows attackers to execute arbitrary code via a crafted JSP file, exploiting an arbitrary file upload vulnerability. This vulnerability is accessible via the customPath parameter in the upload...

9.8CVSS8.2AI score0.00772EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/05/07 12:0 a.m.16 views

CVE-2024-33122

Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list function...

8.3AI score0.00339EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.6 views

PT-2024-25125 · Roothub · Roothub

Name of the Vulnerable Software and Affected Versions: Roothub version 2.6 Description: A SQL injection issue was discovered via the nodeTitle parameter in the parentNode function. This allows for potential exploitation. Recommendations: For Roothub version 2.6, as a temporary workaround, conside...

9.8CVSS8AI score0.00503EPSS
Exploits0References5
Rows per page
Query Builder