Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Hashbrowncms Subscribe
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6948 1 Hashbrowncms 1 Hashbrown Cms 2021-07-21 7.5 HIGH 9.8 CRITICAL
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password.
CVE-2020-6949 1 Hashbrowncms 1 Hashbrown Cms 2020-01-17 6.5 MEDIUM 8.8 HIGH
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account.
CVE-2020-5840 1 Hashbrowncms 1 Hashbrown Cms 2020-01-14 5.0 MEDIUM 7.5 HIGH
An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.