646 matches found
CVE-2020-21650
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add method...
CVE-2020-21652
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq method...
CVE-2020-22124
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information...
CVE-2019-14746
An issue was discovered in KuaiFanCMS 5.0. It allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...
CVE-2012-0782
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of...
CVE-2009-1880
Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) model.php and (2) config.php with timestamps before 20090521...
CVE-2005-4686
PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information...
CVE-2025-1730 Simple Download Counter <= 2.0 - Authenticated (Author+) Arbitrary File Read
The Simple Download Counter plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.0 via the 'simpledownloadcounterdownloadhandler'. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data includi...
CVE-2025-26616
WeGIA (open source Web Manager) contains a Path Traversal vulnerability in the exportar_dump.php endpoint that could disclose sensitive data in config.php, potentially enabling direct database access. Affected versions are prior to 3.2.14. The issue has been addressed in version 3.2.14, and users...
CVE-2025-26616 Path Traversal endpoint 'exportar_dump.php' parameter 'file' in WeGIA
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A Path Traversal vulnerability was discovered in the exportar_dump.php endpoint of the WeGIA application. This vulnerability could allow an attacker to gain unauthorized access to sensitive information stored...
PT-2025-7215 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14 Description: A Path Traversal issue was discovered in the WeGIA application, affecting the exportar_dump.php endpoint. This could allow an attacker to gain unauthorized access to sensitive information stored in...
CVE-2024-4347
The WP Fastest Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.6 via the specificDeleteCache function. This makes it possible for authenticated attackers to delete arbitrary files on the server, which can include wp-config.php files of the...
CVE-2025-0480
CVE-2025-0480 affects WUZHI CMS 4.1.0. The vulnerability is in coreframe/app/search/admin/config.php where manipulation of the sphinxhost/sphinxport parameter leads to server-side request forgery. It can be triggered remotely and exploits have been disclosed publicly. Affected component and impac...
CVE-2024-10470
The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it...
CVE-2024-51055
An issue in Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component...
Hoosk security vulnerability
Hoosk is a lightweight content management system by the individual developers of Havok. A security vulnerability exists in Hoosk v1.7.1: a crafted script sent to the config.php component can execute arbitrary code...
PT-2024-34505 · Hoosk · Hoosk
Name of the Vulnerable Software and Affected Versions: Hoosk version 1.7.1 Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the config.php component. Recommendations: For Hoosk version 1.7.1, consider disabling access to the config.php component...