Lucene search
+L
BookstackappBookstack

10 matches found

CVE
CVE
added 2020/05/07 8:40 p.m.105 views

CVE-2020-11055

BookStack versions >= 0.18.0 and

6.3CVSS5.3AI score0.00782EPSS
CVE
CVE
added 2022/01/06 5:35 p.m.89 views

CVE-2021-4194

CVE-2021-4194 is linked to BookStack (bookstackapp/bookstack) and described across multiple feeds as an Improper Access Control vulnerability. The connected documents identify the issue as an access control error but do not provide concrete technical details such as affected versions, root-cause ...

6.5CVSS5.2AI score0.00707EPSS
CVE
CVE
added 2021/11/30 7:55 p.m.80 views

CVE-2021-4026

CVE-2021-4026 affects BookStack (open-source PHP/Laravel app). The vulnerability is an Improper Access Control in which users with API access can view attachments they should not have read access to, potentially exposing sensitive information. The issue is documented across multiple feeds (NVD en...

6.5CVSS4.7AI score0.00897EPSS
CVE
CVE
added 2023/11/20 10:21 p.m.71 views

CVE-2023-6199

The CVE-2023-6199 entry concerns Book Stack (BookStack) v23.10.2 with a Server-Side Request Forgery flaw that enables Local File Read via SSRF. The connected exploits/documentation show an attack chain using php://filter to read server files (e.g., /etc/passwd) by abusing the SSRF entry point ( o...

6.5CVSS6.4AI score0.01381EPSS
Web
CVE
CVE
added 2021/12/02 4:40 p.m.63 views

CVE-2021-3944

CVE-2021-3944 affects BookStack. Multiple connected sources confirm a cross-site request forgery (CSRF) vulnerability in BookStack/BookStackApp, caused by insufficient CSRF validation. Documented details indicate the issue is CSRF without explicit exploitation vectors or patched versions in the p...

6.8CVSS5.1AI score0.00621EPSS
CVE
CVE
added 2021/11/05 2:50 p.m.57 views

CVE-2021-3916

CVE-2021-3916 affects BookStack (bookstackapp/bookstack). The vulnerability is an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) in the web-facing file handling, enabling access to files under the storage directory via crafted pathnames. The PoC demonstrates traversa...

6.5CVSS6.4AI score0.01202EPSS
CVE
CVE
added 2021/10/27 9:20 p.m.55 views

CVE-2021-3906

CVE-2021-3906 affects BookStack (bookstackapp/bookstack) via Unrestricted Upload of File with Dangerous Type. The root cause is a validation bypass: trim is applied to single-quoted strings, so an extension like pngr becomes png after trimming, allowing dangerous files to pass validation. This en...

6.5CVSS5.9AI score0.00646EPSS
CVE
CVE
added 2020/12/09 4:20 p.m.49 views

CVE-2020-26260

Summary: CVE-2020-26260 affects BookStack prior to v0.30.5. A user with page-edit permissions could set certain image URLs to manipulate the exporting system, enabling server-side requests and access to a wider scope of files within BookStack’s file storage. Root cause / impact (as stated): The v...

6.4CVSS6.2AI score0.00827EPSS
CVE
CVE
added 2021/09/02 12:6 p.m.49 views

CVE-2021-3758

CVE-2021-3758 affects BookStack (bookstackapp/bookstack). The vulnerability is an SSRF flaw in how a page exported to PDF handles HTML content (e.g., an tag referencing external resources). The PoC shows server-side requests triggered during PDF export, enabling access to internal resources from...

6.5CVSS6.4AI score0.008EPSS
CVE
CVE
added 2021/10/15 1:40 p.m.48 views

CVE-2021-3874

CVE-2021-3874: Path traversal in bookstackapp/bookstack (BookStack) due to improper restriction of restricted-directory pathnames. Impact described in connected sources as exposure of sensitive files via crafted pathnames (e.g., accessing logs/.htaccess) in BookStack export/filesystem operations....

6.5CVSS5.3AI score0.01163EPSS