Show filters
13 Total Results
Displaying 11-13 of 13
Sort by:
Attacker Value
Unknown

CVE-2014-5297

Disclosure Date: October 10, 2014 (last updated October 05, 2023)
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSRF) attacks via crafted serialized data in the report parameter.
0
0
Attacker Value
Unknown

CVE-2013-5693

Disclosure Date: September 30, 2013 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.
0
0
Attacker Value
Unknown

CVE-2013-5692

Disclosure Date: September 30, 2013 (last updated October 05, 2023)
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
0
0
View More Topics  < Previous