RSS   Podatności dla 'Kreasfero'   RSS

2022-06-14
 
CVE-2021-42675

CWE-434
 

 
Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.

 
2022-03-29
 
CVE-2021-44581

CWE-89
 

 
An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top