BSCW Server versions 7.4.2 and below, 7.3.2 and below, 5.2.3 and below, 5.1.9 and below, and 5.0.11 and below suffer from an authenticated remote code execution vulnerability.
>> ARCHIVE: 2021-08
WordPress Plugin ProfilePress 3.1.3 – Privilege Escalation (Unauthenticated)
Umbraco CMS 8.9.1 – Path traversal and Arbitrary File Write (Authenticated)
Projectsend r1295 – ‘name’ Stored XSS
Strapi 3.0.0-beta.17.7 – Remote Code Execution (RCE) (Authenticated)
Strapi 3.0.0-beta – Set Password (Unauthenticated)
MySQL User-Defined (Linux) x32 / x86_64 – ‘sys_exec’ Local Privilege Escalation (2)
Usermin 1.820 – Remote Code Execution (RCE) (Authenticated)
Bus Pass Management System 1.0 – ‘viewid’ SQL Injection
Strapi CMS 3.0.0-beta.17.4 – Remote Code Execution (RCE) (Unauthenticated)