Search criteria
15 vulnerabilities found for batflat by batflat
FKIE_CVE-2021-41652
Vulnerability from fkie_nvd - Published: 2022-03-01 23:15 - Updated: 2024-11-21 06:26
Severity ?
Summary
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://deathflash1411.github.io/blog/dumping-batflat-cms-database | Broken Link | |
| cve@mitre.org | https://github.com/sruupl/batflat/issues/113 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://deathflash1411.github.io/blog/dumping-batflat-cms-database | Broken Link | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sruupl/batflat/issues/113 | Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:batflat:batflat:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD502D1-2B27-4BC5-9DF2-C71F42212D85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database."
},
{
"lang": "es",
"value": "Unos permisos no seguros en el archivo database.sdb de BatFlat CMS versi\u00f3n v1.3.6, permiten a atacantes volcar la base de datos completa"
}
],
"id": "CVE-2021-41652",
"lastModified": "2024-11-21T06:26:35.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-01T23:15:08.397",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link"
],
"url": "https://deathflash1411.github.io/blog/dumping-batflat-cms-database"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sruupl/batflat/issues/113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://deathflash1411.github.io/blog/dumping-batflat-cms-database"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sruupl/batflat/issues/113"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-27679
Vulnerability from fkie_nvd - Published: 2021-03-11 17:15 - Updated: 2024-11-21 05:58
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/sruupl/batflat/issues/105 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sruupl/batflat/issues/105 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:batflat:batflat:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD502D1-2B27-4BC5-9DF2-C71F42212D85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site scripting (XSS) en Navigation en Batflat CMS versi\u00f3n 1.3.6, permite a atacantes remotos inyectar script web o HTML arbitrarios por medio del campo name"
}
],
"id": "CVE-2021-27679",
"lastModified": "2024-11-21T05:58:25.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-11T17:15:13.047",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sruupl/batflat/issues/105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-27677
Vulnerability from fkie_nvd - Published: 2021-03-11 17:15 - Updated: 2024-11-21 05:58
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/sruupl/batflat/issues/105 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sruupl/batflat/issues/105 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:batflat:batflat:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD502D1-2B27-4BC5-9DF2-C71F42212D85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site scripting (XSS) en Galleries de Batflat CMS versi\u00f3n 1.3.6, permite a atacantes remotos inyectar script web o HTML arbitrarios por medio del campo name"
}
],
"id": "CVE-2021-27677",
"lastModified": "2024-11-21T05:58:25.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-11T17:15:12.907",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sruupl/batflat/issues/105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-27678
Vulnerability from fkie_nvd - Published: 2021-03-11 17:15 - Updated: 2024-11-21 05:58
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/sruupl/batflat/issues/105 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sruupl/batflat/issues/105 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:batflat:batflat:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD502D1-2B27-4BC5-9DF2-C71F42212D85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-site scripting (XSS) en Snippets en Batflat CMS versi\u00f3n 1.3.6, permite a atacantes remotos inyectar script web o HTML arbitrarios por medio del campo name"
}
],
"id": "CVE-2021-27678",
"lastModified": "2024-11-21T05:58:25.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-03-11T17:15:12.987",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sruupl/batflat/issues/105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-35734
Vulnerability from fkie_nvd - Published: 2021-02-15 21:15 - Updated: 2024-11-21 05:27
Severity ?
Summary
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://batflat.org/en/changelog | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://github.com/sruupl/batflat/issues/98 | Exploit, Third Party Advisory | |
| cve@mitre.org | https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://batflat.org/en/changelog | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sruupl/batflat/issues/98 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/ | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:batflat:batflat:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD502D1-2B27-4BC5-9DF2-C71F42212D85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user\u0027s data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
},
{
"lang": "es",
"value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** Sruu.pl en Batflat versi\u00f3n 1.3.6, permite a un usuario autenticado realizar una inyecci\u00f3n de c\u00f3digo (y en consecuencia una ejecuci\u00f3n de c\u00f3digo remota) por medio de los campos de entrada de la pesta\u00f1a Users.\u0026#xa0;Para aprovechar esto, uno debe iniciar sesi\u00f3n en el panel de administraci\u00f3n y editar los datos de un usuario arbitrario (nombre de usuario, nombre mostrado, etc.).\u0026#xa0;NOTA: Esta vulnerabilidad solo afecta a los productos que ya no son compatibles con el mantenedor"
}
],
"id": "CVE-2020-35734",
"lastModified": "2024-11-21T05:27:58.373",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-02-15T21:15:13.263",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://batflat.org/en/changelog"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/sruupl/batflat/issues/98"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://batflat.org/en/changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/sruupl/batflat/issues/98"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-41652 (GCVE-0-2021-41652)
Vulnerability from cvelistv5 – Published: 2022-03-01 22:38 – Updated: 2024-08-04 03:15
VLAI?
Summary
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://deathflash1411.github.io/blog/dumping-batflat-cms-database"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sruupl/batflat/issues/113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T22:38:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://deathflash1411.github.io/blog/dumping-batflat-cms-database"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sruupl/batflat/issues/113"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://deathflash1411.github.io/blog/dumping-batflat-cms-database",
"refsource": "MISC",
"url": "https://deathflash1411.github.io/blog/dumping-batflat-cms-database"
},
{
"name": "https://github.com/sruupl/batflat/issues/113",
"refsource": "MISC",
"url": "https://github.com/sruupl/batflat/issues/113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41652",
"datePublished": "2022-03-01T22:38:47",
"dateReserved": "2021-09-27T00:00:00",
"dateUpdated": "2024-08-04T03:15:29.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27679 (GCVE-0-2021-27679)
Vulnerability from cvelistv5 – Published: 2021-03-11 16:23 – Updated: 2024-08-03 21:26
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-11T16:23:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sruupl/batflat/issues/105",
"refsource": "MISC",
"url": "https://github.com/sruupl/batflat/issues/105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27679",
"datePublished": "2021-03-11T16:23:14",
"dateReserved": "2021-02-25T00:00:00",
"dateUpdated": "2024-08-03T21:26:10.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27678 (GCVE-0-2021-27678)
Vulnerability from cvelistv5 – Published: 2021-03-11 16:23 – Updated: 2024-08-03 21:26
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-11T16:23:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sruupl/batflat/issues/105",
"refsource": "MISC",
"url": "https://github.com/sruupl/batflat/issues/105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27678",
"datePublished": "2021-03-11T16:23:07",
"dateReserved": "2021-02-25T00:00:00",
"dateUpdated": "2024-08-03T21:26:10.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27677 (GCVE-0-2021-27677)
Vulnerability from cvelistv5 – Published: 2021-03-11 16:22 – Updated: 2024-08-03 21:26
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-11T16:22:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sruupl/batflat/issues/105",
"refsource": "MISC",
"url": "https://github.com/sruupl/batflat/issues/105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27677",
"datePublished": "2021-03-11T16:22:57",
"dateReserved": "2021-02-25T00:00:00",
"dateUpdated": "2024-08-03T21:26:10.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35734 (GCVE-0-2020-35734)
Vulnerability from cvelistv5 – Published: 2021-02-15 20:49 – Updated: 2024-08-04 17:09 Unsupported When Assigned
VLAI?
Summary
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-35734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:15:58.124755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T20:16:06.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:15.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://batflat.org/en/changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sruupl/batflat/issues/98"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user\u0027s data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-18T15:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://batflat.org/en/changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sruupl/batflat/issues/98"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user\u0027s data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://batflat.org/en/changelog",
"refsource": "MISC",
"url": "https://batflat.org/en/changelog"
},
{
"name": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/",
"refsource": "MISC",
"url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/"
},
{
"name": "https://github.com/sruupl/batflat/issues/98",
"refsource": "MISC",
"url": "https://github.com/sruupl/batflat/issues/98"
},
{
"name": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35734",
"datePublished": "2021-02-15T20:49:31",
"dateReserved": "2020-12-27T00:00:00",
"dateUpdated": "2024-08-04T17:09:15.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41652 (GCVE-0-2021-41652)
Vulnerability from nvd – Published: 2022-03-01 22:38 – Updated: 2024-08-04 03:15
VLAI?
Summary
Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:29.282Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://deathflash1411.github.io/blog/dumping-batflat-cms-database"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sruupl/batflat/issues/113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-01T22:38:47",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://deathflash1411.github.io/blog/dumping-batflat-cms-database"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sruupl/batflat/issues/113"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure permissions in the file database.sdb of BatFlat CMS v1.3.6 allows attackers to dump the entire database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://deathflash1411.github.io/blog/dumping-batflat-cms-database",
"refsource": "MISC",
"url": "https://deathflash1411.github.io/blog/dumping-batflat-cms-database"
},
{
"name": "https://github.com/sruupl/batflat/issues/113",
"refsource": "MISC",
"url": "https://github.com/sruupl/batflat/issues/113"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41652",
"datePublished": "2022-03-01T22:38:47",
"dateReserved": "2021-09-27T00:00:00",
"dateUpdated": "2024-08-04T03:15:29.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27679 (GCVE-0-2021-27679)
Vulnerability from nvd – Published: 2021-03-11 16:23 – Updated: 2024-08-03 21:26
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-11T16:23:14",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sruupl/batflat/issues/105",
"refsource": "MISC",
"url": "https://github.com/sruupl/batflat/issues/105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27679",
"datePublished": "2021-03-11T16:23:14",
"dateReserved": "2021-02-25T00:00:00",
"dateUpdated": "2024-08-03T21:26:10.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27678 (GCVE-0-2021-27678)
Vulnerability from nvd – Published: 2021-03-11 16:23 – Updated: 2024-08-03 21:26
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-11T16:23:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Snippets in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sruupl/batflat/issues/105",
"refsource": "MISC",
"url": "https://github.com/sruupl/batflat/issues/105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27678",
"datePublished": "2021-03-11T16:23:07",
"dateReserved": "2021-02-25T00:00:00",
"dateUpdated": "2024-08-03T21:26:10.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27677 (GCVE-0-2021-27677)
Vulnerability from nvd – Published: 2021-03-11 16:22 – Updated: 2024-08-03 21:26
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:10.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-11T16:22:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sruupl/batflat/issues/105"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-27677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Galleries in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sruupl/batflat/issues/105",
"refsource": "MISC",
"url": "https://github.com/sruupl/batflat/issues/105"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-27677",
"datePublished": "2021-03-11T16:22:57",
"dateReserved": "2021-02-25T00:00:00",
"dateUpdated": "2024-08-03T21:26:10.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-35734 (GCVE-0-2020-35734)
Vulnerability from nvd – Published: 2021-02-15 20:49 – Updated: 2024-08-04 17:09 Unsupported When Assigned
VLAI?
Summary
Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-35734",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:15:58.124755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T20:16:06.832Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:09:15.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://batflat.org/en/changelog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/sruupl/batflat/issues/98"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user\u0027s data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-18T15:06:08",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://batflat.org/en/changelog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sruupl/batflat/issues/98"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user\u0027s data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://batflat.org/en/changelog",
"refsource": "MISC",
"url": "https://batflat.org/en/changelog"
},
{
"name": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/",
"refsource": "MISC",
"url": "https://secator.pl/index.php/2021/02/15/batflat-v-1-3-6-authenticated-remote-code-execution-public-disclosure/"
},
{
"name": "https://github.com/sruupl/batflat/issues/98",
"refsource": "MISC",
"url": "https://github.com/sruupl/batflat/issues/98"
},
{
"name": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/161457/Batflat-CMS-1.3.6-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35734",
"datePublished": "2021-02-15T20:49:31",
"dateReserved": "2020-12-27T00:00:00",
"dateUpdated": "2024-08-04T17:09:15.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}