An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.
CVSS Score
7.6
EPSS Score
0.062
Published
2024-04-11
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
CVSS Score
8.8
EPSS Score
0.03
Published
2024-04-08
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php
CVSS Score
6.0
EPSS Score
0.003
Published
2024-04-08
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.
CVSS Score
7.5
EPSS Score
0.008
Published
2024-04-08