#firefox

FlightPath LMS version 5.0-rc2 suffers from an insecure direct object reference vulnerability.

FAST TECH CMS version 1.0 suffers from a cross site request forgery vulnerability.

doorGets CMS version 12 suffers from a remote shell upload vulnerability.

This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.

GEN Security+ version 4.0 suffers from a remote SQL injection vulnerability.

Geeklog version 2.1.0b1 suffers from a database disclosure vulnerability.

G and G Corporate CMS version 1.0 suffers from a cross site scripting vulnerability.

FreshRSS version 1.11.1 suffers from an html injection vulnerability.

Forum Fire Soft Board version 0.3.0 suffers from a cross site scripting vulnerability.

Forma LMS version 1.4 suffers from a database disclosure vulnerability.