Lucene search
K

5 matches found

EUVD
EUVD
added 2026/06/05 6:20 p.m.13 views

EUVD-2026-34883

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

8.7CVSS5.5AI score0.01036EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 6:20 p.m.6 views

CVE-2026-46392

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the .htaccess rule that forces Content-Disposition: attachment on HTML...

8.7CVSS5.5AI score0.01036EPSS
Exploits3References2Affected Software1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.9 views

HAX 安全漏洞

HAX is an open-source microsite managed using HAX+CMS with a PHP backend. Versions of HAX prior to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the saveFile endpoint’s validation mechanism, which does not distinguish between uppercase and lowercase file extensions...

8.7CVSS5.4AI score0.00223EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.11 views

PT-2026-47029

Name of the Vulnerable Software and Affected Versions HAX CMS PHP versions prior to 26.0.0 Description The saveFile endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim. However, the .htaccess rule designed to force Content-Disposition: attachment on HT...

8.7CVSS5.5AI score0.00223EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2007/06/22 12:0 a.m.5 views

PT-2007-4642 · Myserver · Myserver

Name of the Vulnerable Software and Affected Versions: MyServer versions 0.8.9 and earlier Description: The issue allows remote attackers to obtain sensitive information, such as script source code, by exploiting the improper handling of uppercase characters in filename extensions. This can be...

7.8CVSS7.3AI score0.05967EPSS
Exploits0References9
Rows per page
Query Builder