CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44534
https://notcve.org/view.php?id=CVE-2021-44534
31 May 2024 — Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure. Un filtrado insuficiente de las entradas del usuario provoca la lectura arbitraria de archivos por parte de un atacante no autenticado, lo que da lugar a la divulgación de información confidencial. • https://hackerone.com/reports/1096043 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22953
https://notcve.org/view.php?id=CVE-2023-22953
09 Feb 2023 — In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. • https://docs.expressionengine.com/latest/installation/changelog.html •