Halo ≫ Halo

Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.

Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.

Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function.

In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.

In Halo, versions v1.0.0 to v1.4.17 (latest) are vulnerable to Stored Cross-Site Scripting (XSS) in the article tag. An authenticated admin attacker can inject arbitrary javascript code that will execute on a victim’s server.

File Deletion vulnerability in Halo 0.4.3 via delBackup.

SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet.

Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.

Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.

Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.