DATE CVE VULNERABILITY TITLE RISK
2022-06-27 CVE-2022-32994 Unrestricted Upload of File with Dangerous Type vulnerability in Halo 1.5.3
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
network
low complexity
halo CWE-434
critical
9.8
2022-06-27 CVE-2022-32995 Server-Side Request Forgery (SSRF) vulnerability in Halo 1.5.3
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
network
low complexity
halo CWE-918
critical
9.8
2021-07-12 CVE-2020-19038 Missing Authorization vulnerability in Halo 0.4.3
File Deletion vulnerability in Halo 0.4.3 via delBackup.
network
low complexity
halo CWE-862
critical
9.1
2021-07-12 CVE-2020-18980 Unspecified vulnerability in Halo 0.4.3
Remote Code Execution vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.
network
low complexity
halo
critical
9.8
2020-09-30 CVE-2020-21526 Path Traversal vulnerability in Halo 1.1.3
An arbitrary file writing vulnerability in Halo v1.1.3.
network
low complexity
halo CWE-22
critical
9.8
2020-09-30 CVE-2020-21524 XXE vulnerability in Halo 1.1.3
There is an XML external entity (XXE) vulnerability in Halo v1.1.3. The admin backend function for importing other blogs (/api/admin/migrations/wordpress) needs to parse an XML file, but no security defenses are applied to the parsing. This vulnerability can be used to probe the intranet, read files, enable DDoS attacks, etc.
network
low complexity
halo CWE-611
critical
9.1
2020-09-30 CVE-2020-21523 Injection vulnerability in Halo 1.1.3
A server-side FreeMarker template injection vulnerability in Halo CMS v1.1.3, in the Edit Theme File function.
network
low complexity
halo CWE-74
critical
9.8
2020-09-30 CVE-2020-21522 Path Traversal vulnerability in Halo 1.1.3
An issue was discovered in Halo v1.1.3.
network
low complexity
halo CWE-22
critical
9.8