47 matches found
CVE-2021-41714
In Tipask 3.5.9, path parameters entered by the user are not validated when downloading attachments, so a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing information leakage...
EUVD-2021-28726
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2021-41714
In Tipask 3.5.9, path parameters entered by the user are not validated when downloading attachments, so a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing information leakage...
CVE-2021-41714
In Tipask 3.5.9, path parameters entered by the user are not validated when downloading attachments, so a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing information leakage...
CVE-2021-41714
In Tipask 3.5.9, path parameters entered by the user are not validated when downloading attachments, so a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing information leakage...
Code injection
In Tipask 3.5.9, path parameters entered by the user are not validated when downloading attachments, so a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing information leakage...
CVE-2021-41714
CVE-2021-41714 affects Tipask versions prior to 3.5.9. The issue arises when users supply path parameters for attachment downloads, where the server fails to validate the path, enabling a registered user to download arbitrary files (e.g., .env, /etc/passwd, laravel.log) and cause information leak...
CVE-2021-41714
In Tipask 3.5.9, path parameters entered by the user are not validated when downloading attachments, so a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing information leakage...
Tipask security vulnerability
Tipask is an open-source PHP question and answer system by the individual developer Song Dengfeng sdfsky in China. A security vulnerability exists in Tipask versions prior to 3.5.9, which is caused by a user inputting a path parameter that is not validated when downloading attachments. An attacke...
XSS Vulnerability in Tipask Community Edition of Wuhan MicroQuestion Network Technology Co.
Tipask is an open source PHP Q&A system, developed on Laravel 5.6, easy to extend, with strong load capacity and stability. Wuhan Microsoft Network Technology Co., Ltd's Tipask has XSS vulnerabilities; attackers can use the vulnerability to obtain user cookies and other...
tipask /control/favorite.php injection vulnerability
No description provided by source...
Tipask 2.0 front-end arbitrary file deletion vulnerability
No description provided by source...
Tipask front-end /?user/register.html unconditional injection vulnerability
No description provided by source...
Tipask control/answer.php content parameter SQL injection
No description provided by source...
Tipask Q&A system v2.5 flash XSS vulnerability
No description provided by source...
Tipask 2.5 /control/question.php SQL injection vulnerability
No description provided by source...
Tipask v2.5 question.php stored XSS vulnerability
No description provided by source...
Tipask v2.5 has 12 SQL injection vulnerabilities
No description provided by source...
Tipask 2.5 cookie injection vulnerability
No description provided by source...
Tipask 2.5 setting.php CSRF vulnerability (can get a shell when combined with XSS)
No description provided by source...