Nbnbk

nbnbk

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-46492 1Nbnbk Project 1Nbnbk Apr 15, 2025 Dec 23, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 nbnbk commit 879858451d53261d10f77d4709aee2d01c72c301 was discovered to contain an arbitrary file read vulnerability via the component /api/Index/getFileBinary.
CVE-2022-46493 1Nbnbk Project 1Nbnbk Apr 15, 2025 Dec 22, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img.
CVE-2022-46491 1Nbnbk Project 1Nbnbk Apr 15, 2025 Dec 22, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts.
CVE-2022-31386 1Nbnbk Project 1Nbnbk Nov 21, 2024 Jun 9, 2022 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter.