VYPR

Kreasfero

by Kreado

CVEs (2)

  • CVE-2021-42675CriJun 14, 2022
    risk 0.64cvss 9.8epss 0.02

    Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.

  • CVE-2021-44581HigMar 29, 2022
    risk 0.49cvss 7.5epss 0.01

    An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.