8 matches found
EspoCRM 安全漏洞
EspoCRM is an open-source, web-based Customer Relationship Management system CRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM prior to 9.3.4 contained security vulnerabilities. These vulnerabilities stemmed from the...
CVE-2026-28507
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...
Command Injection
idno/known is vulnerable to Command Injection. The vulnerability is due to improper handling of file imports combined with template path traversal, which allows an attacker to write malicious files and execute arbitrary code on the server...
CVE-2026-28507 Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...
CVE-2026-28507 Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4...
CVE-2026-28507
CVE-2026-28507 affects Idno (social publishing platform). Public disclosures and Red Hat/Veracode entries describe two chained vulnerabilities leading to remote code execution: 1) Arbitrary PHP file write during WordPress import via importImagesFromBodyHTML, leveraging uncontrolled outbound fopen...
Idno Vulnerable to Remote Code Execution via Chained Import File Write and Template Path Traversal
Affected Versions: Tested on current dev branch build fingerprint 505...7bd86 CVSS v4 Score: 8.6 CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Privileges Required: Web application admin account for file write, any authenticated user for RCE trigger --- Summary Two separate...
CVE-2018-20604
Lei Feng TV CMS aka LFCMS 3.8.6 allows Directory Traversal via crafted use of .. in Template/edit/path URIs, as demonstrated by the admin.php?s=/Template/edit/path/web........1.txt.html URI to read the 1.txt file...