CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44534
https://notcve.org/view.php?id=CVE-2021-44534
Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure. Un filtrado insuficiente de las entradas del usuario provoca la lectura arbitraria de archivos por parte de un atacante no autenticado, lo que da lugar a la divulgación de información confidencial. • https://hackerone.com/reports/1096043 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22953
https://notcve.org/view.php?id=CVE-2023-22953
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. • https://docs.expressionengine.com/latest/installation/changelog.html https://gist.github.com/ahmedsherif/7b8f18a54a80ae0ac5ff6307c35b7d43 https://hackerone.com/reports/1820492 •