Vulnerabilities > Indexhibit > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-30 | CVE-2020-18121 | Incorrect Permission Assignment for Critical Resource vulnerability in Indexhibit 2.1.5 A configuration issue in Indexhibit 2.1.5 allows authenticated attackers to modify .php files, leading to getshell. | 8.8 |
| 2019-02-20 | CVE-2019-8954 | Improper Input Validation vulnerability in Indexhibit 2.1.5 In Indexhibit 2.1.5, remote attackers can execute arbitrary code via the v parameter (in conjunction with the id parameter) in a upd_jxcode=true action to the ndxzstudio/?a=system URI. | 8.8 |