Vulnerabilities > Halo > Halo > 1.5.3

DATE CVE VULNERABILITY TITLE RISK
2023-03-10 CVE-2023-27164 Unrestricted Upload of File with Dangerous Type vulnerability in Halo
An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.
network
low complexity
halo CWE-434
4.8
4.8
2022-06-27 CVE-2022-32994 Unrestricted Upload of File with Dangerous Type vulnerability in Halo 1.5.3
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
network
low complexity
halo CWE-434
7.5
7.5
2022-06-27 CVE-2022-32995 Server-Side Request Forgery (SSRF) vulnerability in Halo 1.5.3
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
network
low complexity
halo CWE-918
7.5
7.5