Path traversal in Streamax Crocus 1.3.40 Download function allows authenticated remote attackers to read arbitrary files via manipulation of the Path parameter in /Service.do?Action=Download requests. The vulnerability has a low CVSS score (2.1) due to requirement for authenticated access and confidentiality-only impact, but publicly available exploit code exists and the vendor has not responded to disclosure efforts.
Path traversal in Streamax Crocus 1.3.40 allows authenticated remote attackers to read arbitrary files via manipulation of the FilePath parameter in the /DeviceFileReport.do?Action=Download endpoint. The vulnerability has publicly available exploit code and affects the file download functionality with low confidentiality impact. Despite a CVSS score of 2.1, the vendor has not responded to disclosure and the exploit is publicly weaponized.
Streamax Crocus 1.3.40 allows authenticated remote attackers to bypass file upload restrictions via manipulation of the File parameter in the /FileDir.do?Action=Upload endpoint, enabling unrestricted file upload with limited direct impact. Publicly available exploit code exists and the vendor has not responded to disclosure attempts. Despite a low CVSS score of 2.1, the combination of public exploit availability and vendor non-response elevates operational risk, particularly if the upload mechanism can be chained with other vulnerabilities to achieve code execution.
Code injection in ChanCMS up to version 3.3.2 via the getArticle function in app/modules/cms/controller/gather.js allows authenticated remote attackers to inject and execute arbitrary code with low impact on confidentiality, integrity, and availability. The exploit is publicly available on GitHub but exploitation probability remains low (EPSS 0.04%) due to authentication requirements and limited impact scope. The vendor did not respond to early disclosure notification.
SQL injection in Streamax Crocus 1.3.40 allows authenticated remote attackers to manipulate the orderField parameter in the /DeviceState.do?Action=Query endpoint, potentially extracting or modifying database contents. The vulnerability requires valid credentials but carries minimal confidentiality and integrity impact per CVSS scoring. Public exploit code is available, though EPSS exploitation probability remains low at 0.03%, suggesting either limited technical feasibility, narrow applicability, or defensive measures in typical deployments.
SQL injection in Streamax Crocus 1.3.40 allows authenticated remote attackers to execute arbitrary SQL queries via the sortField parameter in the /DeviceFault.do?Action=Query endpoint. While the CVSS score is low (2.1) due to limited scope and confidentiality impact, publicly available exploit code exists and the vulnerability requires only low-privilege authentication. The vendor has not responded to early disclosure attempts, leaving no patch path available.
SQL injection in Streamax Crocus 1.3.40 allows authenticated remote attackers to execute arbitrary SQL queries via the orderField parameter in the /MemoryState.do?Action=Query endpoint, potentially exposing or modifying database contents. Publicly available exploit code exists, but the CVSS score of 2.1 reflects low confidentiality, integrity, and availability impact with no scope change. The vendor did not respond to early disclosure.
SQL injection in Streamax Crocus 1.3.40 allows authenticated remote attackers to manipulate the orderField parameter in the /RepairRecord.do?Action=QueryLast endpoint, enabling database query manipulation with limited confidentiality and integrity impact. Publicly available exploit code exists and the vendor has not responded to early disclosure notification. Despite a low CVSS score of 2.1, the combination of public exploit availability and vendor non-responsiveness increases real-world risk, though exploitation requires valid user credentials and produces only low-severity data exposure.
SQL injection in ChanCMS up to version 3.3.2 allows authenticated remote attackers to manipulate the cid parameter in the /cms/article/update endpoint, enabling arbitrary database queries with limited confidentiality and integrity impact. The vulnerability requires valid user authentication and has publicly available exploit code, but carries low real-world risk due to the CVSS 2.1 score and minimal EPSS probability (0.02%). The vendor has not responded to early disclosure notifications.
SQL injection in ChanCMS up to version 3.3.2 allows authenticated remote attackers to manipulate the cid parameter in the /cms/article/findField endpoint, enabling arbitrary database queries with limited confidentiality and integrity impact. The vulnerability requires valid user authentication (PR:L in CVSS 4.0) and publicly available exploit code exists, but real-world exploitation risk remains low due to minimal data confidentiality/integrity impact (VC:L/VI:L) and only 0.02% EPSS exploitation probability, suggesting this is a low-priority SQL injection compared to unauthenticated or higher-impact variants.
SQL injection in ChanCMS up to version 3.3.2 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in the /cms/model/hasUse function. The vulnerability has low immediate impact (CVSS 2.1) but carries elevated real-world risk due to publicly available exploit code, authenticated but network-accessible attack vector, and vendor non-responsiveness to disclosure. Exploitation requires valid user credentials but no user interaction or special conditions.