Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ini project ini vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2020-28448
This affects the package multi-ini prior to 2.1.1. It is possible to pollute an object's prototype by specifying the proto object as part of an array.
Multi-ini Project Multi-ini
7.5
CVSSv2
CVE-2020-28460
This affects the package multi-ini prior to 2.1.2. It is possible to pollute an object's prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448.
Multi-ini Project Multi-ini
7.5
CVSSv2
CVE-2020-7788
This affects the package ini prior to 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
Ini Project IniDebian Debian Linux 9.0
7.5
CVSSv2
CVE-2020-7617
ini-parser up to and including 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload.
Ini-parser Project Ini-parser
4.3
CVSSv2
CVE-2022-1788
Due to missing checks the Change Uploaded File Permissions WordPress plugin up to and including 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made rea...
Change Uploaded File Permissions Project Change Uploaded File Permissions
NA
CVE-2023-46851
Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hi...
Apache Allura
NA
CVE-2020-28441
This affects the package conf-cfg-ini prior to 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.
Conf-cfg-ini Project Conf-cfg-ini
NA
CVE-2020-28461
This affects the package js-ini prior to 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context.
Js-ini Project Js-ini
NA
CVE-2020-28462
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be exploited further depending on the context.
Ion-parser Project Ion-parser
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middlecommand injectionCVE-2021-47511CVE-2024-26238CVE-2024-4858CVE-2024-21305XXECVE-2021-47555CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook