Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities by withknown
CVE-2026-28508 (GCVE-0-2026-28508)
Vulnerability from nvd – Published: 2026-03-06 04:13 – Updated: 2026-03-06 16:07
VLAI
Title
Idno: Unauthenticated SSRF via URL Unfurl Endpoint
Summary
Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoint itself, this allows an attacker to force the server to make arbitrary outbound HTTP requests to any host, including internal network addresses and cloud instance metadata services, and retrieve the response content. This issue has been patched in version 1.6.4.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/idno/idno/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/idno/idno/releases/tag/1.6.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T16:00:20.241576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T16:07:56.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "idno",
"vendor": "idno",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoint itself, this allows an attacker to force the server to make arbitrary outbound HTTP requests to any host, including internal network addresses and cloud instance metadata services, and retrieve the response content. This issue has been patched in version 1.6.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T04:13:19.621Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/idno/idno/security/advisories/GHSA-fcrh-fqxh-6fx6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/idno/idno/security/advisories/GHSA-fcrh-fqxh-6fx6"
},
{
"name": "https://github.com/idno/idno/releases/tag/1.6.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/idno/releases/tag/1.6.4"
}
],
"source": {
"advisory": "GHSA-fcrh-fqxh-6fx6",
"discovery": "UNKNOWN"
},
"title": "Idno: Unauthenticated SSRF via URL Unfurl Endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28508",
"datePublished": "2026-03-06T04:13:19.621Z",
"dateReserved": "2026-02-27T20:57:47.709Z",
"dateUpdated": "2026-03-06T16:07:56.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28507 (GCVE-0-2026-28507)
Vulnerability from nvd – Published: 2026-03-06 04:12 – Updated: 2026-03-06 16:08
VLAI
Title
Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal
Summary
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/idno/idno/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/idno/idno/releases/tag/1.6.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T15:58:17.703660Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T16:08:06.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "idno",
"vendor": "idno",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T04:12:43.557Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/idno/idno/security/advisories/GHSA-37j7-56xc-c468",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/idno/idno/security/advisories/GHSA-37j7-56xc-c468"
},
{
"name": "https://github.com/idno/idno/releases/tag/1.6.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/idno/releases/tag/1.6.4"
}
],
"source": {
"advisory": "GHSA-37j7-56xc-c468",
"discovery": "UNKNOWN"
},
"title": "Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28507",
"datePublished": "2026-03-06T04:12:43.557Z",
"dateReserved": "2026-02-27T20:57:47.709Z",
"dateUpdated": "2026-03-06T16:08:06.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26273 (GCVE-0-2026-26273)
Vulnerability from nvd – Published: 2026-02-13 21:45 – Updated: 2026-02-17 20:00
VLAI
Title
Known affected by Account Takeover via Password Reset Token Leakage
Summary
Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user's email, leading to full Account Takeover (ATO) without requiring access to the victim's email inbox. This vulnerability is fixed in 1.6.3.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/idno/known/security/advisories… | x_refsource_CONFIRM |
| https://github.com/idno/known/commit/8439a0747471… | x_refsource_MISC |
| https://github.com/idno/known/releases/tag/1.6.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26273",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T20:00:43.160262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T20:00:54.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "known",
"vendor": "idno",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user\u0027s email, leading to full Account Takeover (ATO) without requiring access to the victim\u0027s email inbox. This vulnerability is fixed in 1.6.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T21:45:41.610Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/idno/known/security/advisories/GHSA-78wq-6gcv-w28r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/idno/known/security/advisories/GHSA-78wq-6gcv-w28r"
},
{
"name": "https://github.com/idno/known/commit/8439a0747471559fb1ea9f074b929d390f27e66a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/known/commit/8439a0747471559fb1ea9f074b929d390f27e66a"
},
{
"name": "https://github.com/idno/known/releases/tag/1.6.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/known/releases/tag/1.6.3"
}
],
"source": {
"advisory": "GHSA-78wq-6gcv-w28r",
"discovery": "UNKNOWN"
},
"title": "Known affected by Account Takeover via Password Reset Token Leakage"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26273",
"datePublished": "2026-02-13T21:45:41.610Z",
"dateReserved": "2026-02-12T17:10:53.413Z",
"dateUpdated": "2026-02-17T20:00:54.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-33011 (GCVE-0-2022-33011)
Vulnerability from nvd – Published: 2022-07-08 11:10 – Updated: 2024-08-03 07:54
VLAI
Summary
Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/idno/known | x_refsource_MISC |
| https://github.com/swisskyrepo/PayloadsAllTheThin… | x_refsource_MISC |
| https://www.pethuraj.com/blog/how-i-earned-800-fo… | x_refsource_MISC |
| https://blog.jitendrapatro.me/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-08T11:10:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-33011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/idno/known",
"refsource": "MISC",
"url": "https://github.com/idno/known"
},
{
"name": "https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning",
"refsource": "MISC",
"url": "https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning"
},
{
"name": "https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/",
"refsource": "MISC",
"url": "https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/"
},
{
"name": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/",
"refsource": "MISC",
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33011",
"datePublished": "2022-07-08T11:10:47.000Z",
"dateReserved": "2022-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:54:03.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32115 (GCVE-0-2022-32115)
Vulnerability from nvd – Published: 2022-07-08 11:10 – Updated: 2024-08-03 07:32
VLAI
Summary
An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/idno/known | x_refsource_MISC |
| https://withknown.com/ | x_refsource_MISC |
| https://blog.jitendrapatro.me/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:55.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://withknown.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-08T11:10:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://withknown.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/idno/known",
"refsource": "MISC",
"url": "https://github.com/idno/known"
},
{
"name": "https://withknown.com/",
"refsource": "MISC",
"url": "https://withknown.com/"
},
{
"name": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/",
"refsource": "MISC",
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32115",
"datePublished": "2022-07-08T11:10:39.000Z",
"dateReserved": "2022-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:32:55.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31290 (GCVE-0-2022-31290)
Vulnerability from nvd – Published: 2022-07-08 11:10 – Updated: 2024-08-03 07:11
VLAI
Summary
A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/idno/known | x_refsource_MISC |
| https://withknown.com/ | x_refsource_MISC |
| http://docs.withknown.com/en/latest/install/index.html | x_refsource_MISC |
| https://blog.jitendrapatro.me/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://withknown.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://docs.withknown.com/en/latest/install/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-08T11:10:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://withknown.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://docs.withknown.com/en/latest/install/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/idno/known",
"refsource": "MISC",
"url": "https://github.com/idno/known"
},
{
"name": "https://withknown.com/",
"refsource": "MISC",
"url": "https://withknown.com/"
},
{
"name": "http://docs.withknown.com/en/latest/install/index.html",
"refsource": "MISC",
"url": "http://docs.withknown.com/en/latest/install/index.html"
},
{
"name": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/",
"refsource": "MISC",
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31290",
"datePublished": "2022-07-08T11:10:34.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:11:39.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30852 (GCVE-0-2022-30852)
Vulnerability from nvd – Published: 2022-07-08 11:10 – Updated: 2024-08-03 07:03
VLAI
Summary
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/idno/known | x_refsource_MISC |
| https://withknown.com/ | x_refsource_MISC |
| https://blog.jitendrapatro.me/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:39.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://withknown.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-08T11:10:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://withknown.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-30852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/idno/known",
"refsource": "MISC",
"url": "https://github.com/idno/known"
},
{
"name": "https://withknown.com/",
"refsource": "MISC",
"url": "https://withknown.com/"
},
{
"name": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/",
"refsource": "MISC",
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30852",
"datePublished": "2022-07-08T11:10:28.000Z",
"dateReserved": "2022-05-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:03:39.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-28508 (GCVE-0-2026-28508)
Vulnerability from cvelistv5 – Published: 2026-03-06 04:13 – Updated: 2026-03-06 16:07
VLAI
Title
Idno: Unauthenticated SSRF via URL Unfurl Endpoint
Summary
Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoint itself, this allows an attacker to force the server to make arbitrary outbound HTTP requests to any host, including internal network addresses and cloud instance metadata services, and retrieve the response content. This issue has been patched in version 1.6.4.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/idno/idno/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/idno/idno/releases/tag/1.6.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T16:00:20.241576Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T16:07:56.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "idno",
"vendor": "idno",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Idno is a social publishing platform. Prior to version 1.6.4, a logic error in the API authentication flow causes the CSRF protection on the URL unfurl service endpoint to be trivially bypassed by any unauthenticated remote attacker. Combined with the absence of a login requirement on the endpoint itself, this allows an attacker to force the server to make arbitrary outbound HTTP requests to any host, including internal network addresses and cloud instance metadata services, and retrieve the response content. This issue has been patched in version 1.6.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T04:13:19.621Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/idno/idno/security/advisories/GHSA-fcrh-fqxh-6fx6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/idno/idno/security/advisories/GHSA-fcrh-fqxh-6fx6"
},
{
"name": "https://github.com/idno/idno/releases/tag/1.6.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/idno/releases/tag/1.6.4"
}
],
"source": {
"advisory": "GHSA-fcrh-fqxh-6fx6",
"discovery": "UNKNOWN"
},
"title": "Idno: Unauthenticated SSRF via URL Unfurl Endpoint"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28508",
"datePublished": "2026-03-06T04:13:19.621Z",
"dateReserved": "2026-02-27T20:57:47.709Z",
"dateUpdated": "2026-03-06T16:07:56.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28507 (GCVE-0-2026-28507)
Vulnerability from cvelistv5 – Published: 2026-03-06 04:12 – Updated: 2026-03-06 16:08
VLAI
Title
Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal
Summary
Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/idno/idno/security/advisories/… | x_refsource_CONFIRM |
| https://github.com/idno/idno/releases/tag/1.6.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28507",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T15:58:17.703660Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T16:08:06.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "idno",
"vendor": "idno",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Idno is a social publishing platform. Prior to version 1.6.4, there is a remote code execution vulnerability via chained import file write and template path traversal. This issue has been patched in version 1.6.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T04:12:43.557Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/idno/idno/security/advisories/GHSA-37j7-56xc-c468",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/idno/idno/security/advisories/GHSA-37j7-56xc-c468"
},
{
"name": "https://github.com/idno/idno/releases/tag/1.6.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/idno/releases/tag/1.6.4"
}
],
"source": {
"advisory": "GHSA-37j7-56xc-c468",
"discovery": "UNKNOWN"
},
"title": "Idno: Remote Code Execution via Chained Import File Write and Template Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28507",
"datePublished": "2026-03-06T04:12:43.557Z",
"dateReserved": "2026-02-27T20:57:47.709Z",
"dateUpdated": "2026-03-06T16:08:06.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26273 (GCVE-0-2026-26273)
Vulnerability from cvelistv5 – Published: 2026-02-13 21:45 – Updated: 2026-02-17 20:00
VLAI
Title
Known affected by Account Takeover via Password Reset Token Leakage
Summary
Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user's email, leading to full Account Takeover (ATO) without requiring access to the victim's email inbox. This vulnerability is fixed in 1.6.3.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/idno/known/security/advisories… | x_refsource_CONFIRM |
| https://github.com/idno/known/commit/8439a0747471… | x_refsource_MISC |
| https://github.com/idno/known/releases/tag/1.6.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26273",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T20:00:43.160262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T20:00:54.355Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "known",
"vendor": "idno",
"versions": [
{
"status": "affected",
"version": "\u003c 1.6.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve the reset token for any user by simply querying the user\u0027s email, leading to full Account Takeover (ATO) without requiring access to the victim\u0027s email inbox. This vulnerability is fixed in 1.6.3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-640",
"description": "CWE-640: Weak Password Recovery Mechanism for Forgotten Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-13T21:45:41.610Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/idno/known/security/advisories/GHSA-78wq-6gcv-w28r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/idno/known/security/advisories/GHSA-78wq-6gcv-w28r"
},
{
"name": "https://github.com/idno/known/commit/8439a0747471559fb1ea9f074b929d390f27e66a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/known/commit/8439a0747471559fb1ea9f074b929d390f27e66a"
},
{
"name": "https://github.com/idno/known/releases/tag/1.6.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/known/releases/tag/1.6.3"
}
],
"source": {
"advisory": "GHSA-78wq-6gcv-w28r",
"discovery": "UNKNOWN"
},
"title": "Known affected by Account Takeover via Password Reset Token Leakage"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26273",
"datePublished": "2026-02-13T21:45:41.610Z",
"dateReserved": "2026-02-12T17:10:53.413Z",
"dateUpdated": "2026-02-17T20:00:54.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-33011 (GCVE-0-2022-33011)
Vulnerability from cvelistv5 – Published: 2022-07-08 11:10 – Updated: 2024-08-03 07:54
VLAI
Summary
Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/idno/known | x_refsource_MISC |
| https://github.com/swisskyrepo/PayloadsAllTheThin… | x_refsource_MISC |
| https://www.pethuraj.com/blog/how-i-earned-800-fo… | x_refsource_MISC |
| https://blog.jitendrapatro.me/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.409Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-08T11:10:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-33011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/idno/known",
"refsource": "MISC",
"url": "https://github.com/idno/known"
},
{
"name": "https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning",
"refsource": "MISC",
"url": "https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Account%20Takeover#account-takeover-through-password-reset-poisoning"
},
{
"name": "https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/",
"refsource": "MISC",
"url": "https://www.pethuraj.com/blog/how-i-earned-800-for-host-header-injection-vulnerability/"
},
{
"name": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/",
"refsource": "MISC",
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-33011",
"datePublished": "2022-07-08T11:10:47.000Z",
"dateReserved": "2022-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:54:03.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32115 (GCVE-0-2022-32115)
Vulnerability from cvelistv5 – Published: 2022-07-08 11:10 – Updated: 2024-08-03 07:32
VLAI
Summary
An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/idno/known | x_refsource_MISC |
| https://withknown.com/ | x_refsource_MISC |
| https://blog.jitendrapatro.me/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:32:55.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://withknown.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-08T11:10:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://withknown.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-32115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/idno/known",
"refsource": "MISC",
"url": "https://github.com/idno/known"
},
{
"name": "https://withknown.com/",
"refsource": "MISC",
"url": "https://withknown.com/"
},
{
"name": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/",
"refsource": "MISC",
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-32115",
"datePublished": "2022-07-08T11:10:39.000Z",
"dateReserved": "2022-05-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:32:55.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31290 (GCVE-0-2022-31290)
Vulnerability from cvelistv5 – Published: 2022-07-08 11:10 – Updated: 2024-08-03 07:11
VLAI
Summary
A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/idno/known | x_refsource_MISC |
| https://withknown.com/ | x_refsource_MISC |
| http://docs.withknown.com/en/latest/install/index.html | x_refsource_MISC |
| https://blog.jitendrapatro.me/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:11:39.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://withknown.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://docs.withknown.com/en/latest/install/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-08T11:10:34.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://withknown.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://docs.withknown.com/en/latest/install/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-31290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/idno/known",
"refsource": "MISC",
"url": "https://github.com/idno/known"
},
{
"name": "https://withknown.com/",
"refsource": "MISC",
"url": "https://withknown.com/"
},
{
"name": "http://docs.withknown.com/en/latest/install/index.html",
"refsource": "MISC",
"url": "http://docs.withknown.com/en/latest/install/index.html"
},
{
"name": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/",
"refsource": "MISC",
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31290",
"datePublished": "2022-07-08T11:10:34.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:11:39.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-30852 (GCVE-0-2022-30852)
Vulnerability from cvelistv5 – Published: 2022-07-08 11:10 – Updated: 2024-08-03 07:03
VLAI
Summary
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/idno/known | x_refsource_MISC |
| https://withknown.com/ | x_refsource_MISC |
| https://blog.jitendrapatro.me/multiple-vulnerabil… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:39.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://withknown.com/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-08T11:10:28.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/idno/known"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://withknown.com/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-30852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/idno/known",
"refsource": "MISC",
"url": "https://github.com/idno/known"
},
{
"name": "https://withknown.com/",
"refsource": "MISC",
"url": "https://withknown.com/"
},
{
"name": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/",
"refsource": "MISC",
"url": "https://blog.jitendrapatro.me/multiple-vulnerabilities-in-idno-known-php-cms-software/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-30852",
"datePublished": "2022-07-08T11:10:28.000Z",
"dateReserved": "2022-05-16T00:00:00.000Z",
"dateUpdated": "2024-08-03T07:03:39.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}