This page lists publicly disclosed CVE vulnerabilities affecting maarch letterbox (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2015-1587 | Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/. | [email protected] | 7.5 | 79.22% | 2015-02-19 | 2026-05-06 |
| CVE-2014-8995 | SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | [email protected] | 5.0 | 1.27% | 2014-11-20 | 2026-05-06 |