Vulnerabilities (CVE)

Filtered by vendor Bearadmin Project Subscribe

Filtered by product Bearadmin

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2018-11414	1 Bearadmin Project	1 Bearadmin	2018-06-25	6.5 MEDIUM	8.8 HIGH
An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly.
CVE-2018-11413	1 Bearadmin Project	1 Bearadmin	2018-06-25	4.0 MEDIUM	6.5 MEDIUM
An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration.