ExpressionEngine - HackerOne Reports
Total Reports: 29
Critical: 0
High: 5
Medium: 9
Low: 11
Type Juggling -> PHP Object Injection -> SQL Injection Chain
Reported by: jstnkndy | Disclosed:
Weakness: Cryptographic Issues - Generic
Low privileges (auth) Remote Command Execution - PHP file upload bypass.
Reported by: mariuszpoplawski | Disclosed:
Severity: High
Weakness: Code Injection
Multiple XSS and open HTTP redirection
Reported by: maggick | Disclosed:
Severity: High
Weakness: Cross-site Scripting (XSS) - Stored
Arbitrary SQL query execution and reflected XSS in the "SQL Query Form"
Reported by: strukt | Disclosed:
Weakness: Uncontrolled Resource Consumption
Arbitrary file upload when setting an avatar
Reported by: strukt | Disclosed:
Weakness: Code Injection
Open Redirect in comment section
Reported by: winst0n13 | Disclosed:
Severity: Low
Weakness: Open Redirect
[EE] change the author of post using the author_id
Reported by: flex0geek | Disclosed:
Severity: Low
Weakness: Insecure Direct Object Reference (IDOR)
Remote Code Execution in the Import Channel function
Reported by: strukt | Disclosed:
Severity: Medium
Open redirects protection bypass
Reported by: strukt | Disclosed:
Severity: Medium
Weakness: Open Redirect
PHP Code Injection through "Translate::save()" method
Reported by: egix | Disclosed:
Severity: Medium
Weakness: Code Injection
License verification mechanism can be bypassed
Reported by: unbaiat | Disclosed:
Severity: Low
Weakness: Use of a Broken or Risky Cryptographic Algorithm
Reflective XSS
Reported by: hogarth45 | Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
Potential code injection in fun delete_directory
Reported by: freetom | Disclosed:
Severity: Medium
Weakness: Code Injection
Image lib - unescaped file path
Reported by: freetom | Disclosed:
Severity: Medium
Weakness: Code Injection
PHP Object injection -> Building Custom Gadget chain -> RCE
Reported by: karezma | Disclosed:
Severity: High
Weakness: Command Injection - Generic
Arbitrary comment content change with GET CSRF.
Reported by: d0bby | Disclosed:
Severity: Low
Weakness: Cross-Site Request Forgery (CSRF)
Stored XSS filter bypass on discussion forum.
Reported by: d0bby | Disclosed:
Severity: Low
Weakness: Cross-site Scripting (XSS) - Stored
Non-authenticated path traversal leading to arbitrary file read
Reported by: d3addog | Disclosed:
Severity: High
Weakness: Path Traversal
Import File Converter - local File inclusion
Reported by: 0xsp | Disclosed:
Severity: Low
XML Member Processing - Local File inclusion Vulnerability
Reported by: 0xsp | Disclosed:
Severity: Low
Page 1 of 2