CVE-2018-14441
https://notcve.org/view.php?id=CVE-2018-14441
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. admin/admin/fileUploadAction_fileUpload.action allows arbitrary file upload, as demonstrated by a .jsp file with the image/jpeg content type. Se ha descubierto un problema en cckevincyh SSH CompanyWebsite hasta el 03/05/2018. admin/admin/fileUploadAction_fileUpload.action permite la subida de archivos arbitrarios, tal y como queda demostrado con un archivo .jsp con el tipo de contenido image/jpeg. • https://github.com/cckevincyh/CompanyWebsite/issues/4 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2018-14440
https://notcve.org/view.php?id=CVE-2018-14440
An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter. Se ha descubierto un problema en cckevincyh SSH CompanyWebsite hasta el 03/05/2018. Existe una inyección SQL mediante el parámetro noticeInfo en admin/noticeManageAction_queryNotice.action. • https://github.com/cckevincyh/CompanyWebsite/issues/3 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •