VYPR
Vendor

Kbgsft

Products
3
CVEs
3
Across products
3
Status
Private

Products

3

Recent CVEs

3
  • CVE-2020-35362HigDec 26, 2020
    risk 0.49cvss 7.5epss 0.02

    DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct…

  • CVE-2020-13894HigJun 7, 2020
    risk 0.49cvss 7.5epss 0.01

    handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field.

  • CVE-2019-17575HigOct 14, 2019
    risk 0.47cvss 7.2epss 0.01

    A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg file, and then change the file's base…