Lucene search
K

4 matches found

Code423n4
Code423n4
added 2022/05/26 12:0 a.m.10 views

Gauge: Attacker can call notifyRewardAmount function to insert malicious token to prevent reward distribution

Lines of code Vulnerability details Impact The notifyRewardAmount function of the Gauge contract can be called by anyone, and can insert any token when rewards.length MAXREWARDTOKENS. And the notifyRewardAmount function of the Gauge contract will call the addRewardToken of the Bribe contract to a...

6.7AI score
Exploits0
NVD
NVD
added 2021/08/11 9:15 p.m.14 views

CVE-2020-21359

An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name...

9.8CVSS0.01733EPSS
Exploits1References1
CVE
CVE
added 2021/08/11 8:53 p.m.51 views

CVE-2020-21359

CVE-2020-21359 affects Maccms10. An arbitrary file upload vulnerability exists in the Template Upload function, where an attacker can bypass the suffix whitelist verification by adding a character to the end of the uploaded file name, enabling arbitrary code execution. Connected sources corrobora...

9.8CVSS9.7AI score0.01733EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/08/11 8:53 p.m.13 views

CVE-2020-21359

An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name...

9.8AI score0.01733EPSS
Exploits1References1
Rows per page
Query Builder