Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redmine vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2019-18890
A SQL injection vulnerability in Redmine up to and including 3.2.9 and 3.3.x prior to 3.3.10 allows Redmine users to access protected information via a crafted object query.
Redmine Redmine
Debian Debian Linux 9.0
2 Github repositories
6.8
CVSSv2
CVE-2017-17536
Phabricator prior to 2017-11-10 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote malicious users to execute arbitrary code by using the web UI to browse a branch whose name begins with a --config= or --debugger= substring.
Phacility Phabricator
NA
CVE-2024-36267
Path traversal vulnerability exists in Redmine DMSF Plugin versions before 3.1.4. If this vulnerability is exploited, a logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine process).
4.3
CVSSv2
CVE-2019-15950
The CRM Plugin prior to 4.2.4 for Redmine allows XSS via crafted vCard data.
Redmineup Crm
NA
CVE-2023-31541
A unrestricted file upload vulnerability exists in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.
Ckeditor Ckeditor 1.2.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6