本頁列出影響 hashbrowncms hashbrown_cms 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2020-6949 | A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account. | [email protected] | 8.8 | 1.28% | 2020-01-13 | 2026-06-16 |
| CVE-2020-6948 | A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password. | [email protected] | 9.8 | 3.57% | 2020-01-13 | 2026-06-16 |
| CVE-2020-5840 | An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field. | [email protected] | 7.5 | 1.49% | 2020-01-06 | 2026-06-16 |