RSS   Vulnerabilities for 'Hashbrown cms'   RSS

2020-01-13
 
CVE-2020-6949

CWE-269
 

 
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account.

 
 
CVE-2020-6948

CWE-20
 

 
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password.

 
2020-01-06
 
CVE-2020-5840

CWE-22
 

 
An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.

 


Copyright 2024, cxsecurity.com

 

Back to Top