CVE-2021-30134
https://notcve.org/view.php?id=CVE-2021-30134
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. php-mod/curl (un contenedor de la extensión PHP cURL) anterior a 2.3.2 permite XSS a través del parámetro clave post_file_path_upload.php y los datos POST en post_multidimensional.php. • https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2013-2617
https://notcve.org/view.php?id=CVE-2013-2617
lib/curl.rb in the Curl Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. lib/curl.rb en el Curl Gem para Ruby permite atacantes remotos ejecutar código arbitrario a través de metacaracteres shell en una URL. • http://packetstormsecurity.com/files/120778/Ruby-Gem-Curl-Command-Execution.html http://seclists.org/fulldisclosure/2013/Mar/124 http://www.openwall.com/lists/oss-security/2013/03/19/9 http://www.osvdb.org/91230 • CWE-94: Improper Control of Generation of Code ('Code Injection') •