RSS   Podatności dla 'Testbox'   RSS

2020-11-24
 
CVE-2020-15929

CWE-77
 

 
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.

 
 
CVE-2020-15928

CWE-22
 

 
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.

 


Copyright 2024, cxsecurity.com

 

Back to Top