Maarch Letterbox vulnerabilities
2 known vulnerabilities affecting maarch/letterbox.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2015-1587P2HIGHCVSS 7.5PoC≤ 2.82015-02-19
CVE-2015-1587 [HIGH] CVE-2015-1587: Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and
Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/.
nvd
CVE-2014-8995P3MEDIUMCVSS 5.0PoCv2.82014-11-20
CVE-2014-8995 [MEDIUM] CWE-89 CVE-2014-8995: SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.
nvd