|
208251
|
8.8 |
HIGH
Network
|
pluck-cms
|
pluck
|
An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2020-21564
|
2024-11-21 14:12 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208252
|
7.7 |
HIGH
Network
|
halo
|
halo
|
There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through direct…
|
CWE-22
Path Traversal
|
CVE-2020-21527
|
2024-11-21 14:12 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208253
|
9.8 |
CRITICAL
Network
|
halo
|
halo
|
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith func…
|
CWE-22
Path Traversal
|
CVE-2020-21526
|
2024-11-21 14:12 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208254
|
7.5 |
HIGH
Network
|
halo
|
halo
|
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function …
|
CWE-22
Path Traversal
|
CVE-2020-21525
|
2024-11-21 14:12 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208255
|
9.1 |
CRITICAL
Network
|
halo
|
halo
|
There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not …
|
CWE-611
XXE
|
CVE-2020-21524
|
2024-11-21 14:12 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208256
|
9.8 |
CRITICAL
Network
|
halo
|
halo
|
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arb…
|
CWE-74
Injection
|
CVE-2020-21523
|
2024-11-21 14:12 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208257
|
9.8 |
CRITICAL
Network
|
halo
|
halo
|
An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and …
|
CWE-22
Path Traversal
|
CVE-2020-21522
|
2024-11-21 14:12 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208258
|
4.9 |
MEDIUM
Network
|
frontaccounting
|
frontaccounting
|
An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty folder via admin/inst_lang.php.
|
CWE-22
Path Traversal
|
CVE-2020-21244
|
2024-11-21 14:12 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208259
|
9.8 |
CRITICAL
Network
|
metinfo
|
metinfo
|
An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection via the install/index.php?action=adminsetup&cndata=yes&endata=yes&showdata=yes URI.
|
CWE-89
SQL Injection
|
CVE-2020-20800
|
2024-11-21 14:12 |
2020-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
208260
|
5.4 |
MEDIUM
Network
|
elementor
|
elementor_page_builder
|
A stored XSS vulnerability exists in the Custom Link Attributes control Affect function in Elementor Page Builder 2.9.2 and earlier versions. It is caused by inadequate filtering on the link custom a…
|
CWE-79
Cross-site Scripting
|
CVE-2020-20406
|
2024-11-21 14:12 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
