Expressionengine - Expressionengine CVE

Filtered by vendor Expressionengine Subscribe

Filtered by product Expressionengine

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-33199	1 Expressionengine	1 Expressionengine	2021-08-23	7.5 HIGH	9.8 CRITICAL
In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg.

Vulnerabilities (CVE)