44 matches found
CVE-2026-25510
CVE-2026-25510 affects CI4MS, a CodeIgniter 4–based CMS skeleton. The vulnerability exists in the /backend/fileeditor/createFile and /backend/fileeditor/save endpoints, where an authenticated user with file editor permissions can upload and save files (including PHP) and execute arbitrary code on...
CI4MS 代码问题漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.28.5.0 contained code vulnerabilities. These vulnerabilities allowed verified users with file editor privileges to upload and execute arbitrary PHP code through file creation and saving endpoints,...
Arbitrary File Upload
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Arbitrary File Upload via the createFile and save endpoints. An attacker can execute arbitrary code on the server by creating a file with a dangerous extension and injecti...
PT-2026-6425
Summary A critical vulnerability has been identified in CI4MS that allows an authenticated user with file editor permissions to achieve Remote Code Execution RCE. By leveraging the file creation and save endpoints, an attacker can upload and execute arbitrary PHP code on the server. Vulnerability...