Filtered by vendor Zelon88
Filtered by product Hrconvert2
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44666 | 1 Zelon88 | 1 Hrconvert2 | 2026-05-15 | N/A |
| HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString() function in convertCore.php is missing backtick (`) and tab (\t) from its strip list. User input then reaches shell_exec(), where the shell interprets these characters, so commands embedded in filenames execute. This vulnerability is fixed in 3.3.8. | ||||