CVE-2021-42675
Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.
9.8CVSS
9.8AI Score
0.018EPSS
CVE-2021-44581
An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.
7.5CVSS
8AI Score
0.001EPSS