Ipublishmedia: community verdicts
3 notable / known-exploited Ipublishmedia CVEs the community has triaged.
ⓘ Not an exhaustive list: we focus on the findings that matter (exploited / notable). For every Ipublishmedia CVE, see NVD ↗.
- CVE-2024-50660CRIT 9.8Real · low riskEPSS 1%
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality
- CVE-2024-50658CRIT 9.8Real · low riskEPSS 1%
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file
- CVE-2024-50659MED 6.1EPSS 0%
Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html.