Количество 2
Количество 2
CVE-2024-30248
Piccolo Admin is an admin interface/content management system for Python, built on top of Piccolo. Piccolo's admin panel allows media files to be uploaded. As a default, SVG is an allowed file type for upload. An attacker can upload an SVG which when loaded can allow arbitrary access to the admin page. This vulnerability was patched in version 1.3.2.
GHSA-pmww-v6c9-7p83
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-30248 Piccolo Admin is an admin interface/content management system for Python, built on top of Piccolo. Piccolo's admin panel allows media files to be uploaded. As a default, SVG is an allowed file type for upload. An attacker can upload an SVG which when loaded can allow arbitrary access to the admin page. This vulnerability was patched in version 1.3.2. | CVSS3: 7.7 | 0% Низкий | почти 2 года назад |
| GHSA-pmww-v6c9-7p83 Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page | CVSS3: 7.7 | 0% Низкий | почти 2 года назад |
Уязвимостей на страницу