2 matches found
CVE-2023-42178
Lenosp versions 1.0.0–1.2.0 are vulnerable to SQL Injection via the log query module. The connected documents confirm the affected range and the module as the entry point, but do not provide exploit specifics. PT-2023-28285 suggests restricting access to the log query module as a mitigation until...
CVE-2023-42180
CVE-2023-42180 affects lenosp versions 1.0–1.2.0. The vulnerability is an arbitrary file upload in the /user/upload component that allows an attacker to execute HTML code through a crafted JPG file. This is a root-cause issue in handling file uploads rather than a traditional code-path flaw, as r...