Opencats

opencats

Vendor: Opencats • 24 CVEs

CVEs (24)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-41560 1Opencats 1Opencats Nov 21, 2024 Dec 15, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php.
CVE-2021-25295 1Opencats 1Opencats Nov 21, 2024 Jan 18, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues.
CVE-2021-25294 1Opencats 1Opencats Nov 21, 2024 Jan 18, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter...Show more OpenCATS through 0.9.5-3 unsafely deserializes index.php?m=activity requests, leading to remote code execution. This occurs because lib/DataGrid.php calls unserialize for the parametersactivity:ActivityDataGrid parameter. The PHP object injection exploit chain can leverage an __destruct magic method in guzzlehttp.Show less
CVE-2019-13358 1Opencats 1Opencats Nov 21, 2024 Jul 5, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 lib/DocumentToText.php in OpenCats before 0.9.4-3 has XXE that allows remote users to read files on the underlying operating system. The attacker must upload a file in the docx or odt format.