CVE-2020-37116 GUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin Remote Access

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

CVE-2026-1056 Snow Monkey Forms <= 12.0.3 - Unauthenticated Arbitrary File Deletion via Path Traversal

The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generateuserdirpath' function in all versions up to, and including, 12.0.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...

CVE-2025-14610

The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be fetched when importing CSV data from a URL in the Data Table widget. This makes it possible for...

PT-2026-5058

Name of the Vulnerable Software and Affected Versions TableMaster for Elementor versions up to and including 1.3.6 Description The TableMaster for Elementor plugin for WordPress is susceptible to Server-Side Request Forgery. This occurs because the plugin does not limit the URLs that can be...

CVE-2025-58092

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

CVE-2025-58093

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

CVE-2025-58088

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

CVE-2025-58087

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

CVE-2025-58092

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

CVE-2025-58088

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

CVE-2025-58087

Talos reports multiple reflected XSS vulnerabilities in MedDream PACS Premium 7.3.6.870, affecting the config.php status parameter. The issue allows an attacker to craft a URL that injects arbitrary JavaScript, enabling arbitrary code execution in the browser. CVE-2025-58087 is among a set of XSS...

MedDream PACS Premium Cross-site Scripting Vulnerability

MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a cross-site scripting vulnerability. This vulnerability stems from the longtermdir parameter in the config.php function,...

MedDream PACS Premium config.php multiple reflected cross-site scripting (XSS) vulnerability

Talos Vulnerability Report TALOS-2025-2271 MedDream PACS Premium config.php multiple reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-58089,CVE-2025-58093,CVE-2025-58090,CVE-2025-58091,CVE-2025-58088,CVE-2025-58087,CVE-2025-58094,CVE-2025-58095,CVE-2025-58092...

MedDream PACS Premium 跨站脚本漏洞

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input in config.php. An attacker can exploit this vulnerability to...

MedDream PACS Premium Cross-site Scripting Vulnerability

MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a cross-site scripting vulnerability. This vulnerability stems from the worklistsrc parameter in the config.php file, which...

CVE-2019-7720

taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...

CVE-2025-62521

ChurchCRM is an open-source church management system. Prior to version 5.21.0, a pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...

EUVD-2025-203524

The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the fpdcustomuplodfile AJAX action, which flows directly into the getimagesi...

CVE-2025-13439

The Fancy Product Designer plugin for WordPress is vulnerable to Information Disclosure and PHAR Deserialization in all versions up to, and including, 6.4.8. This is due to insufficient validation of user-supplied input in the 'url' parameter of the 'fpdcustomuplodfile' AJAX action, which flows...

CVE-2025-12529

The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles function in all versions up to, and including, 3.6.3. This makes it possible for unauthenticated attackers to inject arbitrary file paths int...