Skip to main content

X2Engine

2 CVEs product

Monthly

CVE-2014-5298 MEDIUM This Month

FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation File Upload X2Engine
NVD GitHub
CVSS 2.0
5.0
EPSS
1.2%
CVE-2014-5297 HIGH POC PATCH This Week

The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF RCE PHP Code Injection X2Engine
NVD
CVSS 2.0
7.5
EPSS
0.7%
EPSS 1% CVSS 5.0
MEDIUM This Month

FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation File Upload +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF RCE PHP +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy