Vulnerabilities > Squiz > Matrix > 5.5.1.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-11 | CVE-2019-19374 | Path Traversal vulnerability in Squiz Matrix An issue was discovered in core/assets/form/form_question_types/form_question_type_file_upload/form_question_type_file_upload.inc in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can delete arbitrary files from the server during interaction with the File Upload field type, when a custom form exists. | 7.5 |
| 2019-12-11 | CVE-2019-19373 | Deserialization of Untrusted Data vulnerability in Squiz Matrix An issue was discovered in Squiz Matrix CMS 5.5.0 prior to 5.5.0.3, 5.5.1 prior to 5.5.1.8, 5.5.2 prior to 5.5.2.4, and 5.5.3 prior to 5.5.3.3 where a user can trigger arbitrary unserialization of a PHP object from a packages/cms/page_templates/page_remote_content/page_remote_content.inc POST parameter during processing of a Remote Content page type. | 5.0 |