4 matches found
Gauge: Attacker can call notifyRewardAmount function to insert malicious token to prevent reward distribution
Lines of code Vulnerability details Impact The notifyRewardAmount function of the Gauge contract can be called by anyone, and can insert any token when rewards.length MAXREWARDTOKENS. And the notifyRewardAmount function of the Gauge contract will call the addRewardToken of the Bribe contract to a...
CVE-2020-21359
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name...
CVE-2020-21359
CVE-2020-21359 affects Maccms10. An arbitrary file upload vulnerability exists in the Template Upload function, where an attacker can bypass the suffix whitelist verification by adding a character to the end of the uploaded file name, enabling arbitrary code execution. Connected sources corrobora...
CVE-2020-21359
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name...