6 matches found
CVE-2024-42662
An issue in apollocongif apollo v.2.2.0 allows a remote attacker to obtain sensitive information via a crafted request...
CVE-2024-40464
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file...
CVE-2024-40465
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file...
CVE-2024-40465
CVE-2024-40465 is a privilege-escalation vulnerability in Beego (getCacheFileName in file.go) where a remote authenticated attacker could gain elevated privileges. The IBM Security bulletin specifies a base score of 8.8 (CVSS v3.1, HIGH) with network attack vector, low attack complexity, and requ...
Default credentials
Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location...
Interact 2.2 - CONFIG[base_path] Remote File Inclusion
Interact 2.2 - CONFIGbasepath Remote File Inclusion / + + - - - DEVIL TEAM THE BEST POLISH TEAM - - + + + - Cce-interact admin/autoprompter.php line 33-38: .... requireonce$CONFIG'BASEPATH'.'/modules/forum/autoprompt/prompt.inc.php'; requireonce$CONFIG'LANGUAGECPATH'.'/forumstrings.inc.php'; $rs ...