Lucene search

K
MontalaResourcespace

7 matches found

CVE
CVE
added 2015/06/09 2:59 p.m.126 views

CVE-2015-3648

Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.

7.5CVSS7.1AI score0.45832EPSS
CVE
CVE
added 2022/07/17 8:15 p.m.54 views

CVE-2022-31260

In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.

6.5CVSS6.6AI score0.13904EPSS
CVE
CVE
added 2021/11/15 4:15 p.m.52 views

CVE-2021-41951

ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the con...

6.1CVSS5.9AI score0.55022EPSS
CVE
CVE
added 2021/11/15 4:15 p.m.38 views

CVE-2021-41765

A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including us...

9.8CVSS10AI score0.36064EPSS
CVE
CVE
added 2021/11/15 4:15 p.m.31 views

CVE-2021-41950

A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the a...

9.1CVSS9.3AI score0.55144EPSS
CVE
CVE
added 2015/09/11 4:59 p.m.29 views

CVE-2015-6915

SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php.

7.5CVSS8.7AI score0.00319EPSS
CVE
CVE
added 2011/11/19 3:58 a.m.28 views

CVE-2011-4311

ResourceSpace before 4.2.2833 does not properly validate access keys, which allows remote attackers to bypass intended resource restrictions via unspecified vectors.

5CVSS6.9AI score0.00178EPSS