CVE-2020-5840

An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.

Date published : 2020-01-06

https://github.com/HashBrownCMS/hashbrown-cms/compare/v1.3.1…v1.3.2

https://github.com/HashBrownCMS/hashbrown-cms/releases/tag/v1.3.2