Halo: Security Vulnerabilities
Incorrect Access Control vulnerability in Halo 0.4.3, which allows a malicious user to bypass encryption to view encrypted articles via cookies.
CVSS Score
5.3
EPSS Score
0.002
Published
2021-07-12
File Deletion vulnerability in Halo 0.4.3 via delBackup.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-07-12
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can be used to detect the server intranet.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-07-12
Remote Code Execution vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-07-12
Cross Site Scripting (XSS) vulnerability in Halo 0.4.3 via the X-Forwarded-For header parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-07-12
Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-05-20
There is an XML external entity (XXE) vulnerability in Halo v1.1.3. The background function for importing other blogs (/api/admin/migrations/wordpress) needs to parse an XML file, but no security defenses are applied. This vulnerability can be used to detect the intranet, read files, enable DDoS attacks, etc. exp: https://github.com/halo-dev/halo/issues/423
CVSS Score
9.1
EPSS Score
0.003
Published
2020-09-30
Halo v1.1.3 is affected by arbitrary file reading. In an interface that reads files in Halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.
CVSS Score
7.5
EPSS Score
0.012
Published
2020-09-30
An arbitrary file writing vulnerability exists in Halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.
CVSS Score
9.8
EPSS Score
0.013
Published
2020-09-30
There is an arbitrary file deletion vulnerability in Halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal.
CVSS Score
7.7
EPSS Score
0.005
Published
2020-09-30

