CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5407 – Code Injection vulnerability in RhinOS from SaltOS
https://notcve.org/view.php?id=CVE-2024-5407
27 May 2024 — A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure. Una vulnerabilidad en RhinOS 3.0-1190 podría permitir la inyección de código PHP a través del parámetro "búsqueda" en /portal/search.htm. Esta vulnerabilidad podría permitir que un atacante remoto realice un shell inverso en el sistema remoto, comprometi... • https://github.com/josepsanzcamp/RhinOS • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 3CVE-2018-18760 – RhinOS CMS 3.x - Arbitrary File Download
https://notcve.org/view.php?id=CVE-2018-18760
29 Oct 2018 — RhinOS 3.0 build 1190 allows CSRF. RhinOS 3.0 build 1190 permite Cross-Site Request Forgery (CSRF). RhinOS CMS version 3.x suffers from an arbitrary file download vulnerability. • https://packetstorm.news/files/id/150018 • CWE-352: Cross-Site Request Forgery (CSRF) •