Vulnerabilities (CVE)

Filtered by vendor Nbnbk Project Subscribe
Filtered by product Nbnbk
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-46493 1 Nbnbk Project 1 Nbnbk 2024-11-21 N/A 9.8 CRITICAL
Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img.
CVE-2022-46492 1 Nbnbk Project 1 Nbnbk 2024-11-21 N/A 6.5 MEDIUM
nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary.
CVE-2022-46491 1 Nbnbk Project 1 Nbnbk 2024-11-21 N/A 6.5 MEDIUM
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts.
CVE-2022-31386 1 Nbnbk Project 1 Nbnbk 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter.