Security Vulnerabilities - CVEs Published In June 2021
AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulnerability which allows attackers to obtain sensitive database information.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2021-06-03

AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2021-06-03

AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2021-06-03

AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross-site scripting (XSS) vulnerability which allows the attacker to obtain sensitive information of other users.
CVSS Score: 6.1 | EPSS Score: 0.002 | Published: 2021-06-03

OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability.
CVSS Score: 8.1 | EPSS Score: 0.003 | Published: 2021-06-03

OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerability.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-06-03

wire-ios is the iOS version of Wire, an open-source secure messaging app. In wire-ios versions 3.8.0 and prior, a vulnerability exists that can cause a denial of service between users. If a user has an invalid assetID for their profile picture and it contains the " character, it will cause the iOS client to crash. The vulnerability is patched in wire-ios version 3.8.1.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2021-06-03

Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for `docs_dir` in `mkdocs.yml`. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that an attacker would need access to modify the `mkdocs.yml` in the documentation source code, and would also need access to the TechDocs backend API. The vulnerability is patched in the `0.6.3` release of `@backstage/techdocs-common`.
CVSS Score: 6.5 | EPSS Score: 0.005 | Published: 2021-06-03

An issue was discovered in YzmCMS 5.8. There is an SSRF vulnerability in the background collection management that allows arbitrary file read.
CVSS Score: 7.5 | EPSS Score: 0.008 | Published: 2021-06-03

A stored XSS vulnerability was found in YzmCMS v5.8, which attackers can use to inject JS code and carry out malicious XSS attacks on the /admin/system_manage/user_config_edit.html page.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-06-03

