Vulnerabilities > Squiz > Matrix > 5.5.1.1

DATE CVE VULNERABILITY TITLE RISK
2019-12-11 CVE-2019-19374 Path Traversal vulnerability in Squiz Matrix
An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists.
network
low complexity
squiz CWE-22
critical
 9.1
9.1
2019-12-11 CVE-2019-19373 Deserialization of Untrusted Data vulnerability in Squiz Matrix
An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type.
network
low complexity
squiz CWE-502
7.5
7.5