本ページは hashbrowncms hashbrown_cms に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2020-6949 | A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account. | [email protected] | 8.8 | 0.31% | 2020-01-13 | 2024-11-21 |
| CVE-2020-6948 | A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password. | [email protected] | 9.8 | 3.28% | 2020-01-13 | 2024-11-21 |
| CVE-2020-5840 | An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field. | [email protected] | 7.5 | 0.47% | 2020-01-06 | 2024-11-21 |