13 matches found
Dolibarr ERP/CRM Authenticated Code Injection
Dolibarr ERP/CRM before 17.0.1 allows remote code execution by an authenticated user who has access to the Website module. The application filters lowercase use exploit/unix/http/dolibarrcmsrcecve202330253 msf exploitdolibarrcmsrcecve202330253 show targets ...targets... msf...
EUVD-2026-8884
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...
DEBIAN-CVE-2026-22206
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...
UBUNTU-CVE-2026-22206
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...
CVE-2026-22206
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...
PT-2026-22182
Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.10 Description SPIP versions before 4.4.10 have a SQL injection flaw. Authenticated low-privilege users can execute arbitrary SQL queries through union-based injection techniques. Attackers can combine this SQL...
Linux Distros Unpatched Vulnerability : CVE-2023-30253
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. CVE-2023-3025...
CVE-2023-30253
Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data...
CVE-2010-4727
Smarty before 3.0.0 beta 7 does not properly handle the tags, which has unspecified impact and remote attack vectors...
PHP 5.2.5 - 'mbstring.func_overload' WebServer Denial of Service
source: https://www.securityfocus.com/bid/33542/info PHP is prone to a denial-of-service vulnerability because it fails to limit global scope for certain settings relating to Unicode text operations. Attackers can exploit this issue to crash the affected webserver, denying service to legitimate...
Vikingboard 0.2 Beta - 'task' Local File Inclusion
Discovered by dun \ dunatstrcpy.pl Vikingboard = 0.2 Beta Local File Inclusion Vulnerability Script: "Vikingboard is a PHP-based discussion forum..." Script site:...
CJG EXPLORER PRO 3.2 - 'g_pcltar_lib_dir' Remote File Inclusion
CJG EXPLORER PRO v3.2 (pcltar.lib.php / pcltrace.lib.php) Remote File Include Vulnerabilities Found By : Mogatil , [email protected] Script Site : http://www.zascom.com/download/PHP/1868-CEP-PHP.ZIP File : /pcltar.lib.php include $g_pcltar_lib_dir."/pclerror.lib.php"; File : /pcltrace.lib.php...
PHP 5.2.0 (OSX) - 'header()' Space Trimming Buffer Underflow
<?php // Proof of concept code from the Hardened-PHP Project // (C) Copyright 2007 Stefan...