Vulnerabilities (CVE)

Filtered by vendor Klogserver Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-3317 1 Klogserver 1 Klog Server 2024-11-21 6.5 MEDIUM 8.8 HIGH
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
CVE-2020-35729 1 Klogserver 1 Klog Server 2024-11-21 10.0 HIGH 9.8 CRITICAL
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.