3 matches found
CVE-2020-6949
HashBrown CMS up to version 1.3.3 contains a privilege-escalation flaw in the postUser function. An editor user can modify the password hash of an admin account or reconfigure that account, enabling lateral/admin access. The vulnerability is described across multiple sources (HashBrown CMS ecosys...
CVE-2020-6948
Summary (CVE-2020-6948): HashBrown CMS up to version 1.3.3 contains a remote code execution flaw in the deployer code path. Specifically, Server/Entity/Deployer/GitDeployer.js uses Service.AppService.exec in a way that mishandles URL, repository, username, and password. The vulnerability is docum...
CVE-2020-5840
Summary: HashBrown CMS prior to 1.3.2 contains a directory traversal vulnerability in Server/Entity/Resource/Connection.js that allows an attacker to reach a parent directory by supplying a crafted name or ID. Impact (as documented): potential access to parent directories, enabling unauthorized n...