Kreado: >> Kreasfero Security Vulnerabilities
Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.
CVSS Score
9.8
EPSS Score
0.042
Published
2022-06-14
An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-03-29