Hashbrowncms: Security Vulnerabilities
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password.
CVSS Score
9.8
EPSS Score
0.033
Published
2020-01-13
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-01-13
An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.
CVSS Score
7.5
EPSS Score
0.005
Published
2020-01-06