CVE-2026-5131 Server-Side Request Forgery in GREENmod

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the name...

CVE-2026-5131

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to communicate with the stream and upload any XML or JSON file, which will be processed by the name...

CVE-2026-5131

GREENmod uses named pipes for communication between plugins, the web portal, and the system service, with ACLs configured incorrectly. This can allow an attacker to communicate with the stream and upload XML or JSON files, which are processed by the named pipe under the service user’s privileges,...

WordPress Filter & Grids plugin < 2.8.33 - Unauthenticated LFI vulnerability

Unauthenticated LFI vulnerability discovered by Project Black in WordPress Plugin Filter & Grids versions 2.8.33...

PT-2024-37424 · WordPress · Filter & Grids

Name of the Vulnerable Software and Affected Versions: The Filter & Grids WordPress plugin versions prior to 2.8.33 Description: The issue allows an unauthenticated attacker to include and execute PHP files on the server via the post layout parameter, enabling the execution of any PHP code in tho...

CVE-2023-45106

Cross-Site Request Forgery CSRF vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin = 2.8.33 versions...

WordPress Urvanov Syntax Highlighter Plugin <= 2.8.33 is vulnerable to Cross Site Request Forgery (CSRF)

Software Urvanov Syntax Highlighter Type Plugin Vulnerable versions = 2.8.33 Fixed in 2.8.34 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-45106 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 73e06e46354c Credits Mika...

SQL-Ledger 2.8.33 - (Authenticated) Local File Inclusion / Edit

Exploit Title: SQL-Ledger = 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz Version: 2.8.33 Tested on: Ubuntu Server 10.04 CVE :...