5 matches found
CVE-2020-11055
BookStack versions >= 0.18.0 and
CVE-2020-5256
BookStack before version 0.25.5 is vulnerable to remote code execution via image uploads, allowing an attacker to upload PHP files and execute code with the PHP process privileges. The issue affects scenarios where non-trusted users can upload images and was addressed by patches in v0.25.3, v0.25...
CVE-2020-26211
In BookStack
CVE-2020-26210
CVE-2020-26210 affects BookStack prior to version 0.30.4. A user with page-edit permissions could insert an attached link that executes untrusted JavaScript when a viewer clicks it, potentially leaving dangerous content in the database. The issue is fixed in 0.30.4. Workarounds include restrictin...
CVE-2020-26260
Summary: CVE-2020-26260 affects BookStack prior to v0.30.5. A user with page-edit permissions could set certain image URLs to manipulate the exporting system, enabling server-side requests and access to a wider scope of files within BookStack’s file storage. Root cause / impact (as stated): The v...