Lucene search
K
GithubRecent

33227 matches found

Github Security Blog
Github Security Blog
added 2026/03/03 8:58 p.m.8 views

NocoDB Vulnerable to SQL Injection via DATEADD Formula

Summary An authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. Details The third argument unit of DATEADD was interpolated directly into knex.raw queries after only stripping quote characters. Validation in formulas.ts only checked Literal AST...

8.8CVSS6AI score0.00319EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 8:58 p.m.6 views

NocoDB Vulnerable to Stored Cross-Site Scripting via Comments and Rich Text Cells

Summary User-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. Details Comments in Comments.vue and rich text in TextArea.vue were parsed by markdown-it with html: true and injected via v-html. The codebase had vue-dompurify-html...

5.4CVSS5.9AI score0.00143EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 8:58 p.m.5 views

Craft CMS Vulnerable to Stored XSS in Settings Names and Field Options

Overview of all XSS Reports Multiple stored XSS vulnerabilities were found in Craft CMS. They were split into 4 reports as follows: | Report | What's Vulnerable | Why Separate | |--------|-------------------|--------------| | This Report 1 | Multiple settings names | Twig Template:...

5.8AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 8:38 p.m.9 views

Craft CMS has IDOR via GraphQL @parseRefs

The GraphQL directive @parseRefs, intended to parse internal reference tags e.g., user:1:email, can be abused by both authenticated users and unauthenticated guests if a Public Schema is enabled to access sensitive attributes of any element in the CMS. The implementation in Elements::parseRefs...

8.7CVSS6AI score0.00447EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 8:30 p.m.21 views

Craft CMS Vulnerable to Authenticated RCE via Twig SSTI - create() function + Symfony Process gadget

There is an authenticated admin RCE in Craft CMS 5.8.21 via Server-Side Template Injection using the create Twig function combined with a Symfony Process gadget chain. This bypasses the fix implemented for CVE-2025-57811 patched in 5.8.7. Required Permissions - Administrator permissions or access...

7.5CVSS6.1AI score0.00556EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 8:25 p.m.11 views

AWS-LC has PKCS7_verify Signature Validation Bypass

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact Improper signature validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of AWS services do not need...

8.7CVSS6AI score0.00779EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 8:9 p.m.11 views

AWS-LC has Timing Side-Channel in AES-CCM Tag Verification

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP...

8.2CVSS6AI score0.01079EPSS
Exploits0References7Affected Software2
Github Security Blog
Github Security Blog
added 2026/03/03 8:8 p.m.6 views

AWS-LC has PKCS7_verify Certificate Chain Validation Bypass

Summary AWS-LC is an open-source, general-purpose cryptographic library. Impact Improper certificate validation in PKCS7verify in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. Customers ...

8.7CVSS6AI score0.00771EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 8:7 p.m.6 views

aws-kms-tls-auth vulnerable to memory overallocation

Summary aws-kms-tls-auth is an optional utility for s2n-tls that enables customers to use AWS KMS keys as part of the PSK extension field in a TLS 1.3 handshake. An issue exists in this library that can lead to overallocation of memory potentially resulting in a denial of service. Impact The PSK...

5.8AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 8:5 p.m.6 views

PickleScan has multiple stdlib modules with direct RCE not in blocklist

Summary picklescan v1.0.3 latest does not block at least 7 Python standard library modules that provide direct arbitrary command execution or code evaluation. A malicious pickle file importing these modules is reported as having 0 issues CLEAN scan. This enables remote code execution that bypasse...

6.7AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 8:4 p.m.6 views

PickleScan's pkgutil.resolve_name has a universal blocklist bypass

Summary pkgutil.resolvename is a Python stdlib function that resolves any "module:attribute" string to the corresponding Python object at runtime. By using pkgutil.resolvename as the first REDUCE call in a pickle, an attacker can obtain a reference to ANY blocked function e.g., os.system,...

10CVSS6AI score0.00623EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 8:3 p.m.10 views

PickleScan's profile.run blocklist mismatch allows exec() bypass

Summary picklescan v1.0.3 blocks profile.Profile.run and profile.Profile.runctx but does NOT block the module-level profile.run function. A malicious pickle calling profile.runstatement achieves arbitrary code execution via exec while picklescan reports 0 issues. This is because the blocklist ent...

9.8CVSS6.6AI score0.0046EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 8:2 p.m.9 views

WWBN AVideo is vulnerable to unauthenticated OS Command Injection via base64Url in objects/getImage.php

Impact An unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Url GET parameter. This can lead to full server compromise, data exfiltration e.g., configuration secrets, internal keys, credentials, and service disruption...

9.8CVSS6.4AI score0.02132EPSS
Exploits2References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 8:1 p.m.10 views

Ghost Vulnerable to Remote Code Execution via Malicious Themes

Impact Specifically crafted malicious themes can execute arbitrary code on the server running Ghost. Vulnerable Versions This vulnerability is present in Ghost v0.7.2 to v6.19.0. Patches v6.19.1 contains a fix for this issue. Workarounds Ghost generally recommends users refrain from installing...

9.8CVSS6.2AI score0.00372EPSS
Exploits3References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:58 p.m.8 views

OpenClaw vulnerable to sensitive file disclosure via stageSandboxMedia

Summary When iMessage remote attachment fetching is enabled channels.imessage.remoteHost, stageSandboxMedia accepted arbitrary absolute paths and used SCP to copy them into local staging. If a non-attachment path reaches this flow, files outside expected iMessage attachment directories on the...

8.2CVSS6AI score0.00344EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:57 p.m.7 views

OpenClaw vulnerable to arbitrary file read via $include directive

Vulnerability Path traversal in config $include resolution allowed arbitrary local file reads outside the config directory boundary CWE-22. Attack Vectors 1. If an attacker can modify OpenClaw config, they can set $include to absolute paths for example /etc/passwd and read files accessible to the...

6.7CVSS6AI score0.00146EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:53 p.m.9 views

OpenClaw's system.run allowlist bypass via shell line-continuation command substitution

Summary In OpenClaw system.run allowlist mode, shell-wrapper analysis could be bypassed by splitting command substitution as $\ + newline + inside double quotes. Analysis treated the payload as allowlisted for example /bin/echo, while shell runtime folded the line continuation into $... and...

8.8CVSS5.9AI score0.00439EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:53 p.m.8 views

OpenClaw's config env vars allowed startup env injection into service runtime

Summary OpenClaw allowed dangerous process-control environment variables from env.vars for example NODEOPTIONS, LD, DYLD to flow into gateway service runtime environments, enabling startup-time code execution in the OpenClaw process context. Details collectConfigEnvVars accepted unfiltered keys...

8.8CVSS6.3AI score0.00371EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:52 p.m.9 views

OpenClaw's shell env fallback trusts unvalidated SHELL path from host environment

The shell environment fallback path could invoke an attacker-controlled shell when SHELL was inherited from an untrusted host environment. In affected builds, shell-env loading used $SHELL -l -c 'env -0' without validating that SHELL points to a trusted executable. In threat-model terms, this...

7.8CVSS6AI score0.00127EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:50 p.m.4 views

OpenClaw's tools.exec.safeBins trusted PATH directories allowed binary shadowing in allowlist mode

Summary In openclaw allowlist mode, tools.exec.safeBins trusted PATH-derived directories for safe-bin resolution. A same-name binary placed in a trusted PATH directory could satisfy safe-bin checks and execute. Impact This is an allowlist bypass in exec policy that can lead to command execution i...

6.2AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:50 p.m.7 views

OpenClaw's Slack reaction/pin sender-policy consistency issue in non-message ingress

Summary OpenClaw Slack monitor handled reaction and pin non-message events before applying sender-policy checks consistently. In affected versions, these events could be added to system-event context even when sender policy would not normally allow them. Affected Packages / Versions - Package: np...

5.3CVSS5.9AI score0.00204EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:46 p.m.6 views

OpenClaw's system.run shell-wrapper positional argv carriers could execute hidden commands under misleading approval text

Summary In openclaw up to and including 2026.2.23 latest npm release as of February 25, 2026, system.run shell-wrapper inputs could present misleading approval/display text while still carrying hidden positional argv payloads that execute at runtime. Affected Packages / Versions - Package: opencl...

9.8CVSS6.1AI score0.00911EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:18 p.m.9 views

OpenClaw's system.run approval TOCTOU via mutable symlink cwd target on node host

Summary In [email protected], approval-bound system.run on node hosts could be influenced by mutable symlink cwd targets between approval and execution. Details Approval matching on the gateway validated command/argv and binding fields, including cwd, as provided text. Node execution later used...

7CVSS6.1AI score0.00099EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:17 p.m.15 views

OpenClaw's andbox browser noVNC observer lacked VNC authentication

The sandbox browser entrypoint launched x11vnc without authentication -nopw for noVNC observer sessions. OpenClaw-managed runtime flow publishes the noVNC port to host loopback only 127.0.0.1, so default exposure is local to the host unless operators explicitly expose the port more broadly or run...

9.1CVSS5.9AI score0.00514EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:17 p.m.9 views

OpenClaw DM pairing-store identities could satisfy group allowlist authorization

Summary DM pairing-store identities were incorrectly eligible for group allowlist authorization checks, enabling cross-context authorization in group message paths. Details In affected versions, group allowlist evaluation could inherit identities from the DM pairing store. A sender approved via D...

7.1CVSS5.9AI score0.00238EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:16 p.m.8 views

OpenClaw's dispatch-wrapper depth-cap mismatch can bypass shell-wrapper approval gating in system.run allowlist mode

Summary A wrapper-depth parsing mismatch in system.run allowed nested transparent dispatch wrappers for example repeated /usr/bin/env to suppress shell-wrapper detection while still matching allowlist resolution. In security=allowlist + ask=on-miss, this could bypass the expected approval prompt...

8.8CVSS6AI score0.00276EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:16 p.m.8 views

OpenClaw's voice-call Twilio webhook replay could bypass manager dedupe because normalized event IDs were randomized per parse

Impact Twilio webhook replay events could bypass voice-call manager dedupe because normalized event IDs were randomized per parse. A replayed event could be treated as new and trigger duplicate or stale call-state transitions. Affected Packages / Versions - Package: openclaw npm - Vulnerable...

6.9CVSS5.9AI score0.00337EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:9 p.m.6 views

OpenClaw safeBins grep -e File Read Bypass (stdin-only policy bypass)

Summary OpenClaw tools.exec.safeBins had a stdin-only policy bypass for grep. If pattern input was supplied through -e / --regexp, the validator consumed the pattern as a flag value and still allowed one positional operand. That positional could be a bare filename like .env. Affected Packages /...

6.5CVSS5.9AI score0.00259EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:8 p.m.7 views

OpenClaw: Unauthorized Telegram Senders Trigger Media Download and Disk Write Before Access Check

Impact In Telegram DM mode, inbound media was downloaded and written to disk before sender authorization checks completed. An unauthorized sender could trigger inbound media download/write activity including media groups even when DM access should be denied. Affected Packages / Versions - Package...

6AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 7:8 p.m.6 views

OpenClaw: Native prompt image auto-load did not honor tools.fs.workspaceOnly in sandboxed runs

Summary In sandboxed runs, native prompt image auto-load did not honor tools.fs.workspaceOnly=true. This optional hardening setting is not enabled by default. When operators enabled it, prompt text could still reference mounted out-of-workspace image paths for example /agent/secret.png and load...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:54 p.m.11 views

OpenClaw's non-default safeBins sort configuration can bypass intended allowlist approval constraints

When sort is explicitly added to tools.exec.safeBins non-default, the --compress-program option can invoke an external helper and bypass the intended safe-bin approval constraints in allowlist mode. Affected Packages / Versions - Package: openclaw npm - Vulnerable versions: =2026.2.22. Once that...

7.1CVSS5.9AI score0.00197EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:54 p.m.7 views

OpenClaw has gateway plugin auth bypass via encoded dot-segment traversal in protected /api/channels paths

Summary Gateway plugin route auth protection for /api/channels could be bypassed using encoded dot-segment traversal for example ..%2f in path variants that plugin handlers normalize. Affected Packages / Versions - Package: npm openclaw - Latest published vulnerable version: 2026.2.25 - Vulnerabl...

8.3CVSS5.9AI score0.00433EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:43 p.m.8 views

OpenClaw's gateway tokenless Tailscale auth applied to HTTP routes

Summary When tokenless Tailscale auth is enabled, OpenClaw should only allow forwarded-header auth for Control UI websocket authentication on trusted hosts. In affected versions, that tokenless path could also be used by HTTP gateway auth call sites, which could bypass token/password requirements...

9.1CVSS6AI score0.00401EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:42 p.m.7 views

OpenClaw vulnerable to path traversal in Feishu media temp-file naming allows writes outside os.tmpdir()

Summary OpenClaw’s Feishu media download flow used untrusted Feishu media keys imageKey / fileKey when building temporary file paths in extensions/feishu/src/media.ts. Because those keys were interpolated directly into temp-file paths, traversal segments could escape the temp directory and redire...

9.1CVSS6AI score0.00339EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:31 p.m.22 views

DOMPurify contains a Cross-site Scripting vulnerability

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in 2.5.9 and 3.3.2, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex...

6.1CVSS5.9AI score0.0034EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:31 p.m.7 views

DOMPurify contains a Cross-site Scripting vulnerability

DOMPurify 3.1.3 through 3.2.6 and 2.5.3 through 2.5.8 contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting missing textarea rawtext element validation in the SAFEFORXML regex. Attackers can include closing rawtext tags like in attribute...

6.1CVSS5.8AI score0.00245EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:30 p.m.9 views

OpenClaw Vulnerable to HTML injection via unvalidated image MIME type in data-URL interpolation

Summary The HTML session exporter src/auto-reply/reply/export-html/template.js interpolates img.mimeType directly into attributes without validation or escaping. A crafted mimeType value e.g., x" onerror="alert1 can break out of the attribute context and execute arbitrary JavaScript. Impact An...

6.1CVSS6.1AI score0.00148EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:11 p.m.13 views

Temporary path handling could write outside OpenClaw temp boundary

Summary Sandbox media local-path validation accepted absolute paths under host tmp, even when those paths were outside the active sandbox root. Affected Packages / Versions - Package: openclaw npm - Latest published version verified during triage: 2026.2.23 - Affected versions: = 2026.2.24 Detail...

8.6CVSS6AI score0.00344EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:10 p.m.12 views

OpenClaw: Chrome --no-sandbox disabled OS-level browser sandbox in sandbox browser container

Summary Sandbox browser container launched Chromium with --no-sandbox by default, disabling Chromium's OS-level sandbox protections. Affected Packages / Versions - Package: openclaw npm ecosystem - Latest published npm version at triage time 2026-02-21: 2026.2.19-2 - Affected range: = 2026.2.19-2...

9.8CVSS5.9AI score0.00288EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:10 p.m.10 views

OpenClaw's MSTeams attachment redirect handling could bypass configured media host allowlists

Summary In OpenClaw MSTeams media download flows, redirect handling could bypass configured mediaAllowHosts checks in specific attachment paths. Redirect chains were not consistently constrained to allowlisted targets before accepting fetched content. Affected Packages / Versions - Package:...

6.5CVSS5.9AI score0.00172EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:9 p.m.7 views

OpenClaw's hook transform module path allows traversal and arbitrary JavaScript module loading

Summary OpenClaw hook mapping transforms could be loaded via absolute paths or .. traversal, allowing arbitrary JavaScript module loading/execution in the gateway process when an attacker can modify hooks configuration. Affected Versions - Affected: = 2.0.0-beta3 and = 2026.2.13 - Fixed: 2026.2.1...

9.8CVSS6.2AI score0.00439EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:9 p.m.10 views

OpenClaw has command injection via Windows shell fallback in Lobster tool execution

Summary The Lobster extension tool execution path used a Windows shell fallback shell: true after spawn failures EINVAL/ENOENT. In that fallback path, shell metacharacters in command arguments can be interpreted by the shell, enabling command injection. Affected Packages / Versions - Package:...

7.8CVSS6.1AI score0.00618EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:9 p.m.6 views

OpenClaw's Telegram message_reaction authorization bypass allows unauthorized system-event injection

A missing sender-authorization check in Telegram messagereaction handling allowed unauthorized users to trigger reaction-derived system events. Affected Packages / Versions - Package: openclaw npm - Introduced: 2026.2.17 - Affected: = 2026.2.17 and = 2026.2.24 - Latest published at patch time:...

5.9AI score
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 6:0 p.m.19 views

OpenClaw has allowlist exec-guard bypass via env -S

Summary In allowlist mode, system.run guardrails could be bypassed through env -S, causing policy-analysis/runtime-execution mismatch for shell wrapper payloads. Severity Rationale Medium This issue is rated medium because it is a guardrail/policy bypass in OpenClaw's trusted-operator model, not ...

8.8CVSS6.1AI score0.00339EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 5:59 p.m.10 views

Wagtail Vulnerable to Cross-site Scripting in simple_translation admin interface

Impact A stored Cross-site Scripting XSS vulnerability exists on confirmation messages within the wagtail.contrib.simpletranslation module. A user with access to the Wagtail admin area may create a page with a specially-crafted title which, when another user performs the "Translate" action, cause...

6.1CVSS6AI score0.00459EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 5:57 p.m.12 views

Wagtail Vulnerable to Cross-site Scripting in TableBlock class attributes

Impact A stored Cross-site Scripting XSS vulnerability exists on rendering TableBlock blocks within a StreamField. A user with access to create or edit pages containing TableBlock StreamField blocks is able to set specially-crafted class attributes on the block which run arbitrary JavaScript code...

6.1CVSS6.1AI score0.00418EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 5:46 p.m.8 views

BentoML Vulnerable to Arbitrary File Write via Symlink Path Traversal in Tar Extraction

Arbitrary File Write via Symlink Path Traversal in Tar Extraction Summary The safeextracttarfile function validates that each tar member's path is within the destination directory, but for symlink members it only validates the symlink's own path, not the symlink's target. An attacker can create a...

8.6CVSS6.5AI score0.00257EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 5:46 p.m.21 views

Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack

Impact In simple words, some programs that use .flatten or .isEqual could be made to crash. Someone who wants to do harm may be able to do this on purpose. This can only be done if the program has special properties. It only works in Underscore versions up to 1.13.7. A more detailed explanation...

8.2CVSS6AI score0.00612EPSS
Exploits1References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 5:43 p.m.10 views

OpenSTAManager affected by unauthenticated privilege escalation via modules/utenti/actions.php

Summary A privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group idgruppo by directly calling modules/utenti/actions.php. This can promote an existing account e.g. agent into the Amministratori group as well as demot...

9.8CVSS6AI score0.00537EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/03 5:40 p.m.15 views

Froxlor has Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection

Summary A typo in Froxlor's input validation code == instead of = completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings — including shell metacharacters — in the panel.adminmail setting. This value i...

9.1CVSS6.5AI score0.00802EPSS
Exploits1References5Affected Software1
Total number of security vulnerabilities33227