VYPR

blog-ssm

by rawchen

CVEs (4)

  • CVE-2022-40037 | Critical | Jan 26, 2023
    risk 0.64 | cvss 9.8 | epss 0.02

    An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.

  • CVE-2022-40035 | High | Jan 26, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    A file upload vulnerability in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component.

  • CVE-2022-40036 | Medium | Jan 26, 2023
    risk 0.42 | cvss 6.5 | epss 0.01

    An issue discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component.

  • CVE-2022-40034 | Medium | Jan 23, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    A cross-site scripting (XSS) vulnerability in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.