CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 5CVE-2014-1631 – Eventum - Insecure File Permissions
https://notcve.org/view.php?id=CVE-2014-1631
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php. Eventum, en versiones anteriores a la 2.3.5 permite que atacantes remotos reinstalen la aplicación mediante una petición directa en /setup/index.php. Eventum version 2.3.4 suffers from incorrect default permission and code injection vulnerabilities. • https://www.exploit-db.com/exploits/39065 https://www.exploit-db.com/exploits/39066 http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4666 http://www.securityfocus.com/archive/1/530891/100/0/threaded https://bugs.launchpad.net/eventum/+bug/1271499 https://www.htbridge.com/advisory/HTB23198 • CWE-275: Permission Issues •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 4CVE-2014-1632 – Eventum 2.3.4 - 'hostname' Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-1632
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter. htdocs/setup/index.php en Eventum, en versiones anteriores a la 2.3.5, permite que atacantes remotos inyecten y ejecuten código PHP arbitrario mediante el parámetro hostname. Eventum version 2.3.4 suffers from incorrect default permission and code injection vulnerabilities. • https://www.exploit-db.com/exploits/39066 http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665 http://www.securityfocus.com/archive/1/530891/100/0/threaded https://bugs.launchpad.net/eventum/+bug/1271499 https://www.htbridge.com/advisory/HTB23198 • CWE-275: Permission Issues •