Y4tacker/Web-Security

Y4tacker/Web-Security

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases1

Frequency

Last Release over 5 years ago

Stars28

A repository to record my usual studies

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-37767 ↗	Sep 12, 2022Monday, 12 September 2022, 14:15	9.8 CRITICAL	—
Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. NOTE: the vendor disputes this because input to the Pebble templating engine is intended to include arbitrary Java code, and thus either the input should not arrive from an untrusted source, or else the application using the engine should apply restrictions to the input. The engine is not responsible for validating the input.
CVE-2021-45364 ↗	Feb 10, 2022Thursday, 10 February 2022, 19:15	9.8 CRITICAL	7.5 HIGH
A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. NOTE: the vendor indicates that there was an error in publishing this CVE Record, and that all parties agree that the affected code was not used in any Statamic product
CVE-2021-44892 ↗	Feb 10, 2022Thursday, 10 February 2022, 17:15	8.8 HIGH	6.5 MEDIUM
A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges.