Lucene search
+L

44 matches found

CVE
CVE
added 2026/02/03 9:17 p.m.25 views

CVE-2026-25510

CVE-2026-25510 affects CI4MS, a CodeIgniter 4–based CMS skeleton. The vulnerability exists in the /backend/fileeditor/createFile and /backend/fileeditor/save endpoints, where an authenticated user with file editor permissions can upload and save files (including PHP) and execute arbitrary code on...

9.9CVSS6.1AI score0.00805EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.10 views

CI4MS 代码问题漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.28.5.0 contained code vulnerabilities. These vulnerabilities allowed verified users with file editor privileges to upload and execute arbitrary PHP code through file creation and saving endpoints,...

9.9CVSS6.4AI score0.00805EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/02 9:52 p.m.1 views

Arbitrary File Upload

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Arbitrary File Upload via the createFile and save endpoints. An attacker can execute arbitrary code on the server by creating a file with a dangerous extension and injecti...

9.9CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.12 views

PT-2026-6425

Summary A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution RCE. By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability...

9.9CVSS6.6AI score0.00805EPSS
Exploits1References5
Rows per page
Query Builder