VYPR
Vendor

Cachethq

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2021-39174HigAug 28, 2021
    risk 0.58cvss 8.8epss 0.04

    Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can leak the value of any configuration entry of the dotenv file, e.g. the application secret (`APP_KEY`) and various passwords (email,…

  • CVE-2021-39173HigAug 27, 2021
    risk 0.57cvss 8.8epss 0.02

    Cachet is an open source status page system. Prior to version 2.5.1 authenticated users, regardless of their privileges (User or Admin), can trick Cachet and install the instance again, leading to arbitrary code execution on the server. This issue was addressed in version 2.5.1…

  • CVE-2023-43661HigOct 11, 2023
    risk 0.54cvss 8.8epss 0.47

    Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of…

  • CVE-2021-39172HigAug 27, 2021
    risk 0.53cvss 8.8epss 0.29

    Cachet is an open source status page system. Prior to version 2.5.1, authenticated users, regardless of their privileges (User or Admin), can exploit a new line injection in the configuration edition feature (e.g. mail settings) and gain arbitrary code execution on the server.…

  • CVE-2021-39165HigAug 26, 2021
    risk 0.46cvss 8.1epss 0.10

    Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as…