Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
halo halo 1.1.3 vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2019-19999
Halo prior to 1.2.0-beta.1 allows Server Side Template Injection (SSTI) because TemplateClassResolver.SAFER_RESOLVER is not used in the FreeMarker configuration.
Halo Halo
Halo Halo 1.1.3
Halo Halo 1.2.0
383
VMScore
CVE-2020-21345
Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publish components in the manage panel, which lets a remote malicious user execute arbitrary code.
Halo Halo 1.1.3
668
VMScore
CVE-2020-21522
An issue exists in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.
Halo Halo 1.1.3
570
VMScore
CVE-2020-21524
There is a XML external entity (XXE) vulnerability in halo v1.1.3, The function of importing other blogs in the background(/api/admin/migrations/wordpress) needs to parse the xml file, but it is not used for security defense, This vulnerability can detect the intranet, read files...
Halo Halo 1.1.3
445
VMScore
CVE-2020-21525
Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.
Halo Halo 1.1.3
756
VMScore
CVE-2020-21527
There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal.
Halo Halo 1.1.3
890
VMScore
CVE-2020-21523
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign tes...
Halo Halo 1.1.3
668
VMScore
CVE-2020-21526
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.
Halo Halo 1.1.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started