zongdeiqianxing/cve-reports

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-32994 ↗	Jun 27, 2022Monday, 27 June 2022, 23:15	9.8 CRITICAL	7.5 HIGH
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
CVE-2022-32995 ↗	Jun 27, 2022Monday, 27 June 2022, 23:15	9.8 CRITICAL	7.5 HIGH
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.