10 matches found
PT-2024-39907 · 10Web · The Photo Gallery
Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress versions up to, and including, 1.8.30 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization a...
WordPress plugin Photo Gallery by 10Web cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists i...
WordPress Photo Gallery by 10Web plugin <= 1.8.30 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by tmrswrr in WordPress Plugin Photo Gallery by 10Web versions <= 1.8.30...
BIT-MYBB-2022-24734
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on Change Settings pages. This resul...
MyBB (prior 1.8.30) Admin Control Remote Code Execution Exploit
This Metasploit module exploits an improper input validation vulnerability in MyBB versions prior to 1.8.30 to execute arbitrary code in the context of the user running the application. The MyBB Admin Control setting page calls the PHP eval function with unsanitized user input. The exploit adds a...
CVE-2022-24734 Remote code execution in mybb
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on Change Settings pages. This resul...
CVE-2022-24734 Remote code execution in mybb
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on Change Settings pages. This resul...
PT-2022-2581 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.30 Description: The issue is related to the Admin CP's Settings management module, which does not validate setting types correctly on insertion and update. This allows an attacker to add settings of supported type p...
EulerOS Virtualization 3.0.6.0 : sudo (EulerOS-SA-2020-1785)
According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - DISPUTED In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of ...
PT-2019-4664 · Todd Miller +4 · Sudo +4
Name of the Vulnerable Software and Affected Versions: Sudo versions 1.8.29 and earlier Description: The issue is related to the sudoer account with Runas ALL privileges, allowing an attacker to impersonate a nonexistent user by invoking sudo with a numeric uid not associated with any user. This...