MidnightBSD

Advisories for ibarn_project

CVE-2020-20588

File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php.

Products Affected

Vendor Product Version
ibarn_project ibarn 1.5
CVE-2024-38469

zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /pay.php.

Products Affected

Vendor Product Version
ibarn_project ibarn 1.5
CVE-2024-38470

zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the $search parameter at /own.php.

Products Affected

Vendor Product Version
ibarn_project ibarn 1.5