648 matches found
Remote code execution
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php...
CVE-2022-26272
Ionize CMS is affected by a remote code execution vulnerability (CVE-2022-26272) in Ionize v1.0.8.1. The issue allows an attacker to execute arbitrary code by supplying a crafted string written to the file application/config/config.php. Public sources consistently describe this as an RCE without ...
QuickBox code injection vulnerability
QuickBox is a media server application and service management system from the QuickBox team. A code injection vulnerability exists in QuickBox Pro v2.5.8 and below due to a variable in the config.php file that accepts a GET parameter value and parses it as shell_exec and fails to properly clean up...
CVE-2021-44981
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by...
CVE-2021-44981
CVE-2021-44981 affects QuickBox Pro v2.5.8 and earlier. The config.php variable accepts a GET parameter and is parsed into shell_exec(''); without proper sanitization, enabling remote code execution. The media server runs as root by default, allowing an attacker to use sudo within that shell_exec...
CVE-2021-26786
An issue was discovered in customercentric-selling-poland PlayTube that allows authenticated attackers to execute arbitrary code via the purchase code to the config.php...
Code injection
An issue was discovered in customercentric-selling-poland PlayTube that allows authenticated attackers to execute arbitrary code via the purchase code to the config.php...
CVE-2011-2195
A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed 'path' argument to execute arbitrary commands against the underlying operating system...
WebSVN operating system command injection vulnerability
WebSVN is an online Subversion repository viewer. An operating system command injection vulnerability exists in WebSVN. The vulnerability stems from a flaw found in WebSVN 2.3.2. Without prior authentication, if the "allowDownload" option is enabled in config.php, an...
Memory corruption
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits as AnonRateThrottle or UserRateThrottle was thus not rat...
CVE-2020-21652
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq method...
CVE-2020-21650
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add method...
Remote code execution
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add method...
Remote code execution
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq method...
CVE-2020-21650
CVE-2020-21650 concerns Myucms v2.2.1 with a remote code execution vulnerability in the component \controller\Config.php, exploitable via the add() method. The connected sources consistently identify an RCE condition but do not provide specific root-cause details or official patch versions. Some...
WordPress plugin path traversal vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress Plugins Zoomsounds, which stems from a plugin version = 6.45 that allow...