Vulnerabilities > Halo > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-27 | CVE-2022-32994 | Unrestricted Upload of File with Dangerous Type vulnerability in Halo 1.5.3 Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. | 7.5 |
2022-06-27 | CVE-2022-32995 | Server-Side Request Forgery (SSRF) vulnerability in Halo 1.5.3 Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | 7.5 |
2021-07-12 | CVE-2020-18980 | Unspecified vulnerability in Halo 0.4.3 Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters. | 7.5 |
2020-09-30 | CVE-2020-21527 | Path Traversal vulnerability in Halo 1.1.3 There is an Arbitrary file deletion vulnerability in halo v1.1.3. | 8.5 |
2020-09-30 | CVE-2020-21526 | Path Traversal vulnerability in Halo 1.1.3 An Arbitrary file writing vulnerability in halo v1.1.3. | 7.5 |
2020-09-30 | CVE-2020-21522 | Path Traversal vulnerability in Halo 1.1.3 An issue was discovered in halo V1.1.3. | 7.5 |