76 matches found
CVE-2024-33120
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file...
CVE-2024-33121
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search function...
CVE-2022-28052
Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution...
CVE-2024-33120
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file...
CVE-2024-33120
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file...
CVE-2024-33124
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode function...
CVE-2024-33122
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list function...
CVE-2024-33122
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list function...
CVE-2024-33124
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode function...
CVE-2024-33120
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file...
CVE-2024-33120
Roothub v2.5 was discovered to contain an arbitrary file upload vulnerability via the customPath parameter in the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted JSP file...
CVE-2024-33122
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list function...
Roothub 安全漏洞
Roothub is a forum system developed using SSM and MySQL. A security vulnerability exists in Roothub v2.6, which was discovered to contain an SQL injection vulnerability via the topic parameter in the list function...
CVE-2024-33122
CVE-2024-33122 affects Roothub v2.6. A SQL injection vulnerability exists in the list() function via the topic parameter, caused by unsafe SQL construction. CVSS 3.1 base score 6.3 (Medium) with Low impact across confidentiality, integrity, and availability. No exploits details are provided in th...
CVE-2024-33120
CVE-2024-33120 affects Roothub v2.5, where an arbitrary file upload vulnerability in the upload() function via the customPath parameter allows remote code execution through a crafted JSP file. Reported impact is full confidentiality, integrity, and availability compromise (high). Connected source...
PT-2024-25124 · Roothub · Roothub
Name of the Vulnerable Software and Affected Versions: Roothub version 2.6 Description: The issue is related to a SQL injection vulnerability. This vulnerability occurs via the topic parameter in the list function. Recommendations: For Roothub version 2.6, consider restricting the use of the list...
CVE-2024-33124
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the nodeTitle parameter in the parentNode function...
PT-2024-25122 · Roothub · Roothub
Name of the Vulnerable Software and Affected Versions: Roothub version 2.5 Description: The issue allows attackers to execute arbitrary code via a crafted JSP file, exploiting an arbitrary file upload vulnerability. This vulnerability is accessible via the customPath parameter in the upload...
CVE-2024-33122
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the topic parameter in the list function...
PT-2024-25125 · Roothub · Roothub
Name of the Vulnerable Software and Affected Versions: Roothub version 2.6 Description: A SQL injection issue was discovered via the nodeTitle parameter in the parentNode function. This allows for potential exploitation. Recommendations: For Roothub version 2.6, as a temporary workaround, conside...