Information
- Author: KietNA from Inv1cta Team - HPT Cyber Security Center
- Workmail: kietna@hpt.vn
- Gmail: kietnguyenanh9320@gmail.com
CVE
All of my CVEs
| CVE ID | Description | CVSS 3.0 | Reference |
|---|---|---|---|
| CVE-2021-39497 | get_headers() function lead to Blind Server side request forgery | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39497 |
| CVE-2021-40889 | PHP Code Execution via change password function | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40889 |
| CVE-2021-40887 | Path traversal in import-orphans.php | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40887 |
| CVE-2021-40543 | Unauthenticated SQL Injection in PasswordCheck.php file | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40543 |
| CVE-2021-40884 | Insecure Direct Object Reference in Files function | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-40884 |
| CVE-2021-39500 | Directory Traversal in ajax_newtpl() function in Archives.php controller file | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39500 |
| CVE-2021-39503 | PHP CODE EXECUTION via Writeconfig() function | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-39503 |
| CVE-2021-40188 | MisConfig in Filemanager allow attacker upload malicious files | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-40188 |
| CVE-2021-40189 | PHP Code Execution in PHPFusion | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-40189 |
| CVE-2021-40886 | Path traversal in Upload file function | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40886 |
| CVE-2021-39499 | Bind email address in user's function lead to XSS | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-39499 |
| CVE-2021-39501 | There is Open redirect vulnerability in param "referurl" of Logout function | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-39501 |
| CVE-2021-40542 | Unauthenticated Reflect Cross-site Scripting in Ajax_url_encode.php file | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-40542 |
| CVE-2021-40888 | Reflected Cross-site Scripting in returnFilesIds() function | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-40888 |
| CVE-2021-39496 | There is Cross-site Scripting in Filemanager | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39496 |
| CVE-2021-40191 | Lacking of sanitizer fileName lead to Cross-site Scripting in Upload function | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-40191 |