79 matches found
KR-Web <=1.1b2 - Remote File Inclusion
KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENTROOT parameter. id: CVE-2009-4223 info: name: KR-Web <=1.1b2 - Remote File Inclusion author: geeknik severity: high...
pgAdmin < 6.17 - Unauthenticated Remote Code Execution
pgAdmin prior to 6.17 contains an insecure HTTP API caused by improper access control, letting unauthenticated users execute arbitrary external utilities via path manipulation. The exploit requires no authentication. id: CVE-2022-4223 info: name: pgAdmin < 6.17 - Unauthenticated Remote Code Execution...
CVE-2026-4223
creationtimestamp | type | source
---|---|---
2026-03-20 14:00:13+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mhiohd3eru2q...
EUVD-2026-4223
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform through 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 ...
ECHO-1852-84B4-4223
Bulletin has no description...
DLA-4223-1 debian-security-support - update
Bulletin has no description...
CVE-2025-4223
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘login_url’ parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2025-4223 Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter
The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘login_url’ parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for...
WordPress Pagelayer plugin <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter vulnerability
Reflected Cross-Site Scripting via login_url Parameter vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin PageLayer versions <= 2.0.0...
CGA-6MV6-4223-R5WC
Bulletin has no description...
CVE-2024-4223
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete...
CVE-2024-4223 Tutor LMS <= 2.7.0 - Missing Authorization
The Tutor LMS plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. This makes it possible for unauthenticated attackers to add, modify, or delete...
CVE-2024-4223
CVE-2024-4223 affects Tutor LMS – eLearning and online course solution (WordPress plugin) up to version 2.7.0. A missing capability check enables unauthenticated attackers to add, modify, or delete data via HTTP requests (network vector). Wordfence lists a patched status for this CVE, indicating ...
WordPress Tutor LMS Plugin <= 2.7.0 is vulnerable to Broken Access Control
Software: Tutor LMS; Type: Plugin; Vulnerable versions: <= 2.7.0; Fixed in: 2.7.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4223; Patch priority: High; CVSS severity: High (8.6); PSID: 86348e33f1ae; Credits: villu164; Required privilege...
CVE-2023-4223
creationtimestamp | type | source
---|---|---
2023-12-17 14:42:58+00:00 | seen | https://t.me/ctinow/155613...
CVE-2023-4223
Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...
CVE-2023-4223
Technical details for CVE-2023-4223 are not present in the provided documents; related advisories discuss Chamilo file-upload issues but do not provide specifics for this CVE. Monitor for updates.
CVE-2023-4223 Chamilo LMS File Upload Functionality Remote Code Execution
Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...
SUSE CVE-2016-4225
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2016-4223 and CVE-2016-4224...