CVE-2024-55371
- EPSS 0.21%
- Published 16.04.2025 00:00:00
- Last modified 03.06.2025 15:00:13
Wallos <= 2.38.2 has a file upload vulnerability in the restore backup function, which allows authenticated users to restore backups by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an auth...
CVE-2024-55372
- EPSS 1.32%
- Published 16.04.2025 00:00:00
- Last modified 03.06.2025 14:59:54
Wallos <= 2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore the database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an ...
CVE-2024-57386
- EPSS 0.04%
- Published 23.01.2025 22:15:15
- Last modified 31.01.2025 16:13:06
Cross Site Scripting vulnerability in Wallos v.2.41.0 allows a remote attacker to execute arbitrary code via the profile picture function.
CVE-2024-29320
- EPSS 0.14%
- Published 30.04.2024 16:15:07
- Last modified 03.06.2025 15:00:55
Wallos before 1.15.3 is vulnerable to SQL Injection via the category and payment parameters to /subscriptions/get.php.
CVE-2024-22776
- EPSS 0.1%
- Published 23.02.2024 15:15:09
- Last modified 03.06.2025 15:02:52
Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields.