Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41560 | 1 Opencats | 1 Opencats | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. | |||||
| CVE-2021-25295 | 1 Opencats | 1 Opencats | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues. | |||||
| CVE-2021-25294 | 1 Opencats | 1 Opencats | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an __destruct magic method in guzzlehttp. | |||||
| CVE-2019-13358 | 1 Opencats | 1 Opencats | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format. | |||||