Command execution vulnerability in SongCMS PHP version (CNVD-2020-38508)

SongCMS PHP Edition is an open source CMS based on PHP+MySQL. SongCMS PHP Edition suffers from a command execution vulnerability that can be exploited by attackers to execute malicious code...

MayiCMS has a flawed logic vulnerability

MayiCMS is a php mysql based website builder. MayiCMS suffers from a logic flaw vulnerability that can be exploited by attackers to perform unauthorized operations...

The vulnerability of the PHP interpreter, related to key management errors, allows attackers to gain unauthorized access to protected information.

The vulnerability of the PHP interpreter is related to key management errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

The vulnerability of the exif_iif_add_value function in the PHP programming language, related to reading data beyond the allowed limits, allows a perpetrator to gain unauthorized access to information or cause service failures.

The vulnerability of the exifiifaddvalue function in the PHP programming language is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to information or cause service failures...

Artica Pandora FMS Code Issue Vulnerability

Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A code issue vulnerability exists in File Manager in Artica Pandora FMS 7.42 and prior versions. An attacker can exploit t...

SQL Injection Vulnerability in Wecenter of Shenzhen Weike Interactive Co.

WeCenter is a completely open source social networking program similar to Zhihu based on Q&A, based on PHP+MYSQL application architecture. WeCenter has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...

PHP EXIF extension buffer overflow vulnerability (CNVD-2020-22810)

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems.EXIF extension is one of the...

PHP Buffer Overflow Vulnerability

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A...

PHP Memory Location Double Release Vulnerability

PHP PHP: Hypertext Preprocessor, PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. The language is mainly used for Web development, supports a variety of databases and operating systems. A...

DEBIAN-CVE-2019-11325

An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter...

WordPress Popup Maker Plugin Has Unspecified Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Popup Maker is a popup window plugin used in it. A security vulnerability exists in WordPress Popup Maker plugin versions...

vBulletin Remote Code Execution Vulnerability

vBulletin is a business forum program developed and marketed by Internet Brands and vBulletin Solutions. A remote code execution vulnerability exists in vBulletin, which can be exploited by an attacker to inject and execute arbitrary PHP code...

SugarCRM Administration Module PHP Code Injection Vulnerability

SugarCRM is a set of open source customer relationship management software . A PHP code injection vulnerability exists in the Administration module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to execute arbitrary code...

SugarCRM UpgradeWizard Module PHP Object Injection Vulnerability

SugarCRM is a set of open source customer relationship management software . A PHP object injection vulnerability exists in the UpgradeWizard module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to inject custom PHP code...

ML Code Injection Vulnerability

Discuz!ML is an open source community forum system based on the Discuz!X engine. A security vulnerability exists in Discuz!ML version 3.2 to 3.4. A remote attacker can exploit this vulnerability to execute arbitrary PHP code...

USN-4009-2 php5 vulnerabilities

USN-4009-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that PHP incorrectly decoding certain MIME headers. A remote attacker could possibly use this issue to cause PHP t...

PHP EXIF Extended Buffer Overflow Vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language jointly maintained by the PHPGroup and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems.EXIF extension is one of the...

UBUNTU-CVE-2019-11040

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...

baigoStudio baigoSSO Code Injection Vulnerability

baigoStudio baigoSSO is a single sign-on system. A security vulnerability exists in baigoStudio baigoSSO v3.0.1. The vulnerability can be exploited by a remote attacker to execute arbitrary PHP code via the site name field in the base configuration...

HuCart has a file upload vulnerability

HuCart is a PHP+Mysql based enterprise building system CMS that can run on various server platforms such as Linux and Windows. HuCart has a file upload vulnerability that can be exploited by attackers to upload arbitrary files...