← Back

Kreasfero

kreasfero

Vendor: Kreado • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-42675
1Kreado
1Kreasfero
Jun 17, 2026
Jun 14, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.
CVE-2021-44581
1Kreado
1Kreasfero
Jun 17, 2026
Mar 29, 2022
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.