Planetestream

planetestream

8 CVEs • 1 product

Products (1)

CVEs (8)

| Vendors | Products | Updated | Published | CVSS v4 | CVSS v3 | CVSS v2 | CVE description |
|---|---|---|---|---|---|---|---|
| 1 (Planetestream) | 1 (Planet Estream) | Apr 14, 2025 | Dec 25, 2022 | N/A | 9.8 CRITICAL | N/A | Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution. |
| 1 (Planetestream) | 1 (Planet Estream) | Apr 14, 2025 | Dec 25, 2022 | N/A | 6.5 MEDIUM | N/A | Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure). |
| 1 (Planetestream) | 1 (Planet Estream) | Apr 14, 2025 | Dec 25, 2022 | N/A | 6.5 MEDIUM | N/A | GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files. |
| 1 (Planetestream) | 1 (Planet Estream) | Apr 14, 2025 | Dec 25, 2022 | N/A | 8.8 HIGH | N/A | Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access. |
| 1 (Planetestream) | 1 (Planet Estream) | Apr 14, 2025 | Dec 25, 2022 | N/A | 5.4 MEDIUM | N/A | In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username. |
| 1 (Planetestream) | 1 (Planet Estream) | Apr 15, 2025 | Dec 25, 2022 | N/A | 9.1 CRITICAL | N/A | Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList). |
| 1 (Planetestream) | 1 (Planet Estream) | Apr 14, 2025 | Dec 25, 2022 | N/A | 6.1 MEDIUM | N/A | In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter). |
| 1 (Planetestream) | 1 (Planet Estream) | Apr 14, 2025 | Dec 25, 2022 | N/A | 7.2 HIGH | N/A | Planet eStream before 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter). |