Hisiphp Security Vulnerabilities

CVE-2020-28062

An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. '/ Upload/Plugins /, which could let a remote malicious user execute arbitrary...

CVSS: 7.2

AI Score: 8

EPSS: 0.001

2022-04-04 05:15 PM

CVE-2020-21130

Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in...

CVSS: 6.1

AI Score: 6.3

EPSS: 0.001

2021-06-21 04:15 PM

CVE-2019-1010193

hisiphp 1.0.8 is affected by: Cross Site Scripting...

CVSS: 6.1

AI Score: 7

EPSS: 0.001

2019-07-24 01:15 PM

CVE-2018-17826

HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types (.jpg, .png, .gif,...

CVSS: 8.8

AI Score: 8.2

EPSS: 0.001

2018-10-01 08:29 AM

CVE-2018-17827

HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into...

CVSS: 7.2

AI Score: 8.5

EPSS: 0.004

2018-10-01 08:29 AM