3 matches found
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the dir parameter in the terminal handler process. An attacker can execute arbitrary operating system commands with web server privileges by injecting shell metacharacters into the dir parameter, bypassing command...
PT-2023-15147 · WordPress · Genesis Columns Advanced
Name of the Vulnerable Software and Affected Versions: Genesis Columns Advanced WordPress plugin versions prior to 2.0.4 Description: The issue allows users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as...
PT-2022-22046 · Jenkins · Jenkins Embeddable Build Status Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Embeddable Build Status Plugin versions 2.0.3 and earlier Description: The issue allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system by exploiting a relative path...