RSS   Podatności dla 'Opencats'   RSS

2021-12-15
 
CVE-2021-41560

CWE-434
 

 
OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php.

 
2021-01-18
 
CVE-2021-25295

CWE-79
 

 
OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues.

 
 
CVE-2021-25294

CWE-502
 

 
OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an __destruct magic method in guzzlehttp.

 
2019-07-05
 
CVE-2019-13358

CWE-611
 

 
lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.

 


Copyright 2024, cxsecurity.com

 

Back to Top