Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Halo Subscribe
Filtered by product Halo

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-19038 1 Halo 1 Halo 2022-07-10 6.4 MEDIUM 9.1 CRITICAL
File Deletion vulnerability in Halo 0.4.3 via delBackup.
CVE-2022-32995 1 Halo 1 Halo 2022-07-06 7.5 HIGH 9.8 CRITICAL
Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function.
CVE-2022-32994 1 Halo 1 Halo 2022-07-06 7.5 HIGH 9.8 CRITICAL
Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload.
CVE-2020-21522 1 Halo 1 Halo 2020-10-13 7.5 HIGH 9.8 CRITICAL
An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.
CVE-2020-21523 1 Halo 1 Halo 2020-10-09 10.0 HIGH 9.8 CRITICAL
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")}
CVE-2020-21524 1 Halo 1 Halo 2020-10-08 6.4 MEDIUM 9.1 CRITICAL
There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not used for security defense, This vulnerability can detect the intranet, read files, enable ddos attacks, etc. exp:https://github.com/halo-dev/halo/issues/423
CVE-2020-21526 1 Halo 1 Halo 2020-10-07 7.5 HIGH 9.8 CRITICAL
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.