VYPR
Vendor

Kreado

Products
1
CVEs
2
Across products
2
Status
Private

Products

1

Recent CVEs

2
  • CVE-2021-42675CriJun 14, 2022
    risk 0.64cvss 9.8epss 0.02

    Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution.

  • CVE-2021-44581HigMar 29, 2022
    risk 0.49cvss 7.5epss 0.01

    An SQL Injection vulnerabilty exists in Kreado Kreasfero 1.5 via the id parameter.