Vulnerabilities > Halo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-05 | CVE-2022-26619 | Unrestricted Upload of File with Dangerous Type vulnerability in Halo 1.4.17 Halo Blog CMS v1.4.17 was discovered to allow attackers to upload arbitrary files via the Attachment Upload function. | 7.5 |
| 2021-07-12 | CVE-2020-23079 | Server-Side Request Forgery (SSRF) vulnerability in Halo SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet. | 7.5 |
| 2020-09-30 | CVE-2020-21527 | Path Traversal vulnerability in Halo 1.1.3 There is an Arbitrary file deletion vulnerability in halo v1.1.3. | 7.7 |
| 2020-09-30 | CVE-2020-21525 | Path Traversal vulnerability in Halo 1.1.3 Halo V1.1.3 is affected by: Arbitrary File reading. | 7.5 |
| 2019-12-26 | CVE-2019-19999 | Server-Side Request Forgery (SSRF) vulnerability in Halo Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration. | 7.2 |