CVE-2023-46694
- EPSS 9.08%
- Veröffentlicht 28.05.2024 20:16:20
- Zuletzt bearbeitet 21.11.2024 08:29:05
Vtenext 21.02 allows an authenticated attacker to upload arbitrary files, potentially enabling them to execute remote commands. This flaw exists due to the application's failure to enforce proper authentication controls when accessing the Ckeditor fi...
CVE-2020-10227
- EPSS 0.51%
- Veröffentlicht 14.09.2020 20:15:10
- Zuletzt bearbeitet 21.11.2024 04:55:00
A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows attackers to inject arbitrary JavaScript code via the From field of an email.
CVE-2020-10228
- EPSS 6.81%
- Veröffentlicht 14.09.2020 20:15:10
- Zuletzt bearbeitet 21.11.2024 04:55:00
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
CVE-2020-10229
- EPSS 0.3%
- Veröffentlicht 14.09.2020 20:15:10
- Zuletzt bearbeitet 21.11.2024 04:55:00
A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administrator's behalf, such as uploading files, adding users, and deleting accounts.