Kozos ≫ Easyctf

EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request.

Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors.