Filtered by vendor Opencats
Subscriptions
Filtered by product Opencats
Subscriptions
Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41560 | 1 Opencats | 1 Opencats | 2024-11-21 | 9.8 Critical |
| OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. | ||||
| CVE-2021-25295 | 1 Opencats | 1 Opencats | 2024-11-21 | 6.1 Medium |
| OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues. | ||||
| CVE-2021-25294 | 1 Opencats | 1 Opencats | 2024-11-21 | 9.8 Critical |
| OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an __destruct magic method in guzzlehttp. | ||||
| CVE-2019-13358 | 1 Opencats | 1 Opencats | 2024-11-21 | 7.5 High |
| lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format. | ||||