CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-4430 – Ortus Solutions ColdBox Elixir ENV Variable defaultConfig.js information disclosure
https://notcve.org/view.php?id=CVE-2021-4430
A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. • https://github.com/Ortus-Solutions/coldbox-elixir/commit/a3aa62daea2e44c76d08d1eac63768cd928cd69e https://github.com/Ortus-Solutions/coldbox-elixir/releases/tag/v3.1.7 https://vuldb.com/?ctiid.244485 https://vuldb.com/?id.244485 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2020-15928
https://notcve.org/view.php?id=CVE-2020-15928
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal. En Ortus TestBox versiones 2.4.0 hasta 4.1.0, los parámetros de cadena de consulta no comprobados para el archivo test-browser/index.cfm permiten un salto de directorios • https://www.exploit-db.com/exploits/49078 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 1CVE-2020-15929
https://notcve.org/view.php?id=CVE-2020-15929
In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution. En Ortus TestBox versiones 2.4.0 hasta 4.1.0, los parámetros de cadena de consulta no comprobados pasados ??hacia el archivo system/runners/HTMLRunner.cfm permiten a un atacante escribir un archivo CFM arbitrario (dentro del contexto de la aplicación) que contiene etiquetas CFML definidas por el atacante, conllevando a una Ejecución de Código Remota • https://www.exploit-db.com/exploits/49077 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •