Hyperkopite/Roothub_vulns

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-28052 ↗	Apr 13, 2022Wednesday, 13 April 2022, 15:15	8 HIGH	6 MEDIUM
Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function store in Roothub 2.6.0 allows remote attackers with low privlege to arbitrarily upload files via /common/upload API, which could lead to remote arbitrary code execution.
CVE-2022-27472 ↗	Apr 12, 2022Tuesday, 12 April 2022, 16:15	9.8 CRITICAL	7.5 HIGH
SQL injection vulnerability in Topics Counting feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.
CVE-2022-27473 ↗	Apr 12, 2022Tuesday, 12 April 2022, 16:15	9.8 CRITICAL	7.5 HIGH
SQL injection vulnerability in Topics Searching feature of Roothub 2.6.0 allows unauthorized attackers to execute arbitrary SQL commands via the "s" parameter remotely.