Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ini project ini vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-28448
This affects the package multi-ini prior to 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array.
Multi-ini Project Multi-ini
7.5
CVSSv2
CVE-2020-28460
This affects the package multi-ini prior to 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.
Multi-ini Project Multi-ini
7.5
CVSSv2
CVE-2020-7788
This affects the package ini prior to 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
Ini Project Ini
Debian Debian Linux 9.0
7.5
CVSSv2
CVE-2020-7617
ini-parser up to and including 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload.
Ini-parser Project Ini-parser
4.3
CVSSv2
CVE-2022-1788
Due to missing checks the Change Uploaded File Permissions WordPress plugin up to and including 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made rea...
Change Uploaded File Permissions Project Change Uploaded File Permissions
NA
CVE-2023-46851
Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hi...
Apache Allura
NA
CVE-2020-28441
This affects the package conf-cfg-ini prior to 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.
Conf-cfg-ini Project Conf-cfg-ini
NA
CVE-2020-28461
This affects the package js-ini prior to 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context.
Js-ini Project Js-ini
NA
CVE-2020-28462
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context.
Ion-parser Project Ion-parser
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
command injection
CVE-2021-47511
CVE-2024-26238
CVE-2024-4858
CVE-2024-21305
XXE
CVE-2021-47555
CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started