
CVSS: 7.5 EPSS: 0% CPEs: 1 EXPL: 1

29 Jul 2017 — Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter. • https://github.com/JojoCMS/Jojo-CMS/issues/30 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8 EPSS: 0% CPEs: 41 EXPL: 2

12 May 2010 — The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 and earlier, as used in Serendipity 1.5.2 and earlier, allows remote attackers to bypass intended access restrictions and modify the configuration of arbitrary plugins via (1) crafted backend_config_secret_key_location and backend_config_hash parameters that are used in a SHA1 hash of a shared secret that can be known or externally influenced, which are not properly handled by the "Deprecated config passing" feature; or (2) crafted backen... • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042577.html • CWE-264: Permissions, Privileges, and Access Controls •