RSS   Podatności dla 'Kreasfero'   RSS

2022-06-14
 
CVE-2021-42675

CWE-434
 
 
Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.

 
2022-03-29
 
CVE-2021-44581

CWE-89
 
 
An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.

 

Copyright 2024, cxsecurity.com

 

Back to Top