12 matches found
CVE-2017-17731
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php...
CVE-2024-37869
The CVE-2024-37869 entry describes a file upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0. A remote attacker can trigger arbitrary code execution via the poster.php handler, with the uploaded payload received through the $_FILES variable. The available references indica...
CVE-2017-17731
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php...
Sql injection
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php...
CVE-2017-17731
DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php...
CVE-2017-17731
DedeCMS 5.7 is affected by an SQL injection in plus/recommend.php via the $_FILES superglobal. The vulnerability allows execution of arbitrary SQL through crafted file-upload input, with potential data leakage or manipulation. Remediation is to apply the latest security patch or upgrade to a newe...
PHP 5.4.x < 5.4.1 Multiple Vulnerabilities
Binary data 6994.prm...
CVE-2012-1172
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file...
PHP < 5.3.11 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is earlier than 5.3.11, and as such is potentially affected by multiple vulnerabilities: - During the import of environment variables, temporary changes to the 'magic_quotes_gpc' directive are not handled properly. This can...
PHP 5.4.x < 5.4.1 Multiple Vulnerabilities
According to its banner, the version of PHP installed on the remote host is 5.4.x earlier than 5.4.1, and, therefore, potentially affected by multiple vulnerabilities: - The '$_FILES' variable can be corrupted because the names of uploaded files are not properly validated. CVE-2012-1172 - The...
Mandriva Linux Security Advisory : php (MDVSA-2012:065)
Multiple vulnerabilities have been identified and fixed in php: The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a...
[VulnWatch] Php Vulnerability N. 2
Let's go for the second one: ========================================= Title: Overwrite $FILE array in rfc1867 - Mime multipart/form-data File Upload Affected: Php = 5.0.1 Not Affected: it seems none Vulnerability Type: Possible write of a downloaded file in an arbitrary location. Vendor Status:...