← Back

Hashbrowncms

hashbrowncms

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Hashbrown Cms
hashbrown_cms
3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-6949
1Hashbrowncms
1Hashbrown Cms
Nov 21, 2024
Jan 13, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account.
CVE-2020-6948
1Hashbrowncms
1Hashbrown Cms
Nov 21, 2024
Jan 13, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password.
CVE-2020-5840
1Hashbrowncms
1Hashbrown Cms
Nov 21, 2024
Jan 6, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.