2 matches found
CVE-2020-12766
CVE-2020-12766 affects Gnuteca 3.8 and is a SQL Injection in action=main:search:simpleSearch via the exemplaryStatusId parameter. The CVSS3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) yields base score 9.8 (CRITICAL); CVSS2 base 7.5 (HIGH). Impacts: confidentiality, integrity, and availability...
CVE-2020-12764
CVE-2020-12764 affects Gnuteca 3.8, exposing a directory traversal in file.php?folder=/&file= that allows access to restricted paths. The description consistently states that the vulnerability arises from improper filtering of path elements, enabling traversal outside the intended directory. Publ...