Exploit Database

146,315 exploits tracked across all sources.

Sort: Activity Stars
CVE-2020-23079 WRITEUP HIGH
halo <= 1.3.2 - Server-Side Request Forgery via SMTP Configuration
SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration, which can detect the server intranet.
CVSS 7.5
CVE-2020-21527 WRITEUP HIGH
halo v1.1.3 - Arbitrary File Deletion via Backup Function
There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal.
CVSS 7.7
CVE-2020-21526 WRITEUP CRITICAL
halo v1.1.3 - Arbitrary File Write via Path Traversal Bypass
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.
CVSS 9.8
CVE-2020-21525 WRITEUP HIGH
Halo 1.1.3 - Arbitrary File Read via Directory Traversal Bypass
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.
CVSS 7.5
CVE-2020-21524 WRITEUP CRITICAL
Halo 1.1.3 - XML External Entity Injection via WordPress Migration Import
There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not used for security defense, This vulnerability can detect the intranet, read files, enable ddos attacks, etc. exp:https://github.com/halo-dev/halo/issues/423
CVSS 9.1
CVE-2020-21523 WRITEUP CRITICAL
halo CMS 1.1.3 - Server-Side Freemarker Template Injection via Edit Theme File Function
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")}
CVSS 9.8
CVE-2020-21522 WRITEUP CRITICAL
halo V1.1.3 - Path Traversal and Arbitrary File Write via Zip Slip
An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.
CVSS 9.8
CVE-2020-21345 WRITEUP MEDIUM
Halo 1.1.3 - Stored Cross-Site Scripting in Post Publish Components
Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code.
CVSS 6.1
CVE-2020-19038 WRITEUP CRITICAL
Halo 0.4.3 - Unauthenticated File Deletion via delBackup
File Deletion vulnerability in Halo 0.4.3 via delBackup.
CVSS 9.1
CVE-2020-19037 WRITEUP MEDIUM
Halo 0.4.3 - Incorrect Access Control via Cookie Manipulation
Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a malicious user to bypass encrption to view encrpted articles via cookies.
CVSS 5.3
CVE-2020-19007 WRITEUP MEDIUM
Halo blog 1.2.0 - Stored Cross-Site Scripting via Comment Submission
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.
CVSS 5.4
CVE-2020-18982 WRITEUP MEDIUM
Halo 0.4.3 - Stored Cross-Site Scripting via CommentAuthorUrl
Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAuthorUrl.
CVSS 5.4
CVE-2020-18980 WRITEUP CRITICAL
Halo 0.4.3 - Remote Code Execution via remoteAddr and themeName Parameters
Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.
CVSS 9.8
CVE-2020-18979 WRITEUP MEDIUM
Halo 0.4.3 - Cross-Site Scripting via X-Forwarded-For Header
Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwarded-for Header parameter.
CVSS 6.1
CVE-2019-19999 WRITEUP HIGH
halo < 1.2.0-beta.1 - Server-Side Template Injection via FreeMarker Configuration
Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
CVSS 7.2
CVE-2019-19999 WRITEUP HIGH
halo < 1.2.0-beta.1 - Server-Side Template Injection via FreeMarker Configuration
Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
CVSS 7.2
CVE-2019-19999 WRITEUP HIGH
halo < 1.2.0-beta.1 - Server-Side Template Injection via FreeMarker Configuration
Halo before 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
CVSS 7.2
CVE-2019-16890 WRITEUP MEDIUM
Halo 1.1.0 - Cross-Site Scripting via Author URL in Comments API
Halo 1.1.0 has XSS via a crafted authorUrl in JSON data to api/content/posts/comments.
CVSS 5.4
CVE-2023-38991 WRITEUP MEDIUM
jeesite <1.2.6 - Privilege Escalation
An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.
CVSS 5.4
CVE-2023-38990 WRITEUP MEDIUM
Jeesite <1.2.6 - Privilege Escalation
An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator.
CVSS 4.3
CVE-2023-38989 WRITEUP MEDIUM
jeesite <1.2.6 - Privilege Escalation
An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information.
CVSS 4.3
CVE-2023-38988 WRITEUP MEDIUM
jeesite <1.2.6 - Privilege Escalation
An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators.
CVSS 4.3
CVE-2023-34601 WRITEUP CRITICAL
jeesite < 2023-05-27 - SQL Injection via ${businessTable} in ActDao.xml
Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml.
CVSS 9.8
CVE-2026-36762 WRITEUP HIGH
JeeSite 5.15.1 - Authenticated Path Traversal and Arbitrary File Write via fileEntityId Parameter
An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations.
CVSS 8.8
CVE-2026-36762 WRITEUP HIGH
JeeSite 5.15.1 - Authenticated Path Traversal and Arbitrary File Write via fileEntityId Parameter
An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations.
CVSS 8.8