: 1.7.0 - 1.7.3
Tested: 1.7.2, 1.7.3
Fixed: 1.7.4
Prerequisites: edit repository settings
Severity: low
CVE: NA
Credit: Anti Räis
HTML version: https://bitflipper.eu/
Description
===
Gitea is a self-hosted Git repository service, which is affected by
authenticated user with media or asset management permission
CVE: pending
Credit: Anti Räis
HTML version: https://bitflipper.eu
Product
===
October is a free, open-source, self-hosted CMS platform based on the
Laravel PHP Framework.
Description
: attacker needs to be authenticated and with correct permissions
Severity: high
CVE: NA
Credit: Anti Räis
HTML version: https://bitflipper.eu
Description
===
A SQL injection vulnerability was discovered in the xPDO library used by
MODX Revolution 2.5.6. The
accessible /install functionality
CVE: CVE-2017-1000423
Credit: Anti Räis
HTML version: https://bitflipper.eu
Description
===
An unauthenticated user with access to the `/install` functionality can
configure the application installation parameters and complete the
installation. This