This page lists publicly disclosed CVE vulnerabilities affecting hashbrowncms hashbrown_cms (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-6949 | A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account. | [email protected] | 8.8 | 0.31% | 2020-01-13 | 2024-11-21 |
| CVE-2020-6948 | A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password. | [email protected] | 9.8 | 3.28% | 2020-01-13 | 2024-11-21 |
| CVE-2020-5840 | An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field. | [email protected] | 7.5 | 0.47% | 2020-01-06 | 2024-11-21 |