21 matches found
PHP-Fusion 9.03.50 - Remote Code Execution
PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated, non-admin user to send a crafted request to the server and perform remote command execution. id: CVE-2020-24949 info: name: PHP-Fusion 9.03.50 - Remote Code Execution author: geeknik severity: high description: PHP-Fusion 9.03.50...
CVE-2021-24949
The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection...
CVE-2025-24949
In JotUrl 2.0, it is possible to bypass security requirements during the password change process...
CVE-2025-24949
CVE-2025-24949 affects JotUrl 2.0. Described vulnerability: bypass of security requirements during the password change process. Per initial data, CVSSv3.1: AV:N, AC:H, PR:N, UI:N, S:U, C:H, I:L, A:N (base score 6.5, MEDIUM). Exploitation details are not provided in the connected records, and ther...
CVE-2025-24949
In JotUrl 2.0, it is possible to bypass security requirements during the password change process...
CVE-2023-24949
Technical details for CVE-2023-24949 (affected product/versions, root cause, impact, or fixes) are not publicly provided in the supplied documents. Monitor official advisories and updates from the connected sources for new information.
openSUSE 15 Security Update : EternalTerminal (openSUSE-SU-2022:10187-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10187-1 advisory. - A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition,...
Security update for EternalTerminal (important)
openSUSE Security Update: Security update for EternalTerminal Announcement ID: openSUSE-SU-2022:10185-1 Rating: important References: 1202432 1202433 1202434 1202435 Cross-References: CVE-2022-24949 CVE-2022-24950 CVE-2022-24951 CVE-2022-24952 CVSS scores: CVE-2022-24949 NVD : 7.5...
CVE-2022-24949
creationtimestamp | type | source
---|---|---
2022-08-16 07:38:37+00:00 | seen | https://t.me/cibsecurity/48198...
CVE-2022-24949
A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen...
CVE-2022-24949
EternalTerminal (pre-6.2.0) has a local privilege-escalation bug in PipeSocketHandler::listen() caused by a race condition, a buffer overflow, and a logic bug. CVE-2022-24949 is addressed in EternalTerminal 6.2.1, per OSV/OpenSUSE fixes; update to 6.2.1 to remediate. Other CVEs (24950–24952) are ...
CVE-2021-24949
creationtimestamp | type | source
---|---|---
2022-01-10 18:15:13+00:00 | seen | https://t.me/cibsecurity/35193...
CVE-2021-24949
The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection...
CVE-2021-24949
CVE-2021-24949 concerns The Plus Addons for Elementor Pro WordPress plugin (pre-5.0.7). The WP Search Filters widget fails to sanitise and escape the option parameter before using it in a SQL statement, enabling unauthenticated SQL injection. Affected product: The Plus Addons for Elementor Pr...
CVE-2021-24949 The Plus Addons for Elementor Pro < 5.0.7 - Unauthenticated SQL Injection
The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection...
VulnCheck KEV: CVE-2020-24949
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated, non-admin user to send a crafted request to the server and perform remote command execution (RCE)...
PHPFusion < 9.03.60 RCE Vulnerability - Active Check
PHPFusion is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PHPFusion 9.03.50 - Remote Code Execution
Exploit Title: PHPFusion 9.03.50 - Remote Code Execution Date: 20/05/2021 Exploit Author: g0ldm45k Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30&downloadid=606 Version: 9.03.50 Tested on: Docker + Debi...
CVE-2020-24949
creationtimestamp | type | source
---|---|---
2021-05-28 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/49911
2021-05-28 09:44:39+00:00 | seen | https://t.me/pwnwikizhchannel/517
2025-11-11 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2025-11-11
2026-03-22...
PHP-Fusion downloads.php Privilege Escalation (CVE-2020-24949)
A privilege escalation vulnerability exists in PHP-Fusion. The vulnerability is due to insufficient validation of HTTP request parameters in downloads.php...