Gnu Savane vulnerabilities
4 known vulnerabilities affecting gnu/savane.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-29399HIGHCVSS 7.6≤ 3.132024-04-11
CVE-2024-29399 [HIGH] CWE-94 CVE-2024-29399: An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitra
An issue was discovered in GNU Savane v.3.13 and before, allows a remote attacker to execute arbitrary code and escalate privileges via a crafted file to the upload.php component.
nvd
CVE-2024-27630HIGHCVSS 7.5fixed in 3.132024-04-08
CVE-2024-27630 [HIGH] CWE-639 CVE-2024-27630: Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.
nvd
CVE-2024-27632HIGHCVSS 8.8fixed in 3.132024-04-08
CVE-2024-27632 [HIGH] CWE-335 CVE-2024-27632: An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the for
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
nvd
CVE-2024-27631MEDIUMCVSS 6.0fixed in 3.132024-04-08
CVE-2024-27631 [MEDIUM] CWE-352 CVE-2024-27631: Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php
nvd