2125 matches found
phpBB Remote Code Execution
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions...
After updating Veeam Backup & Replication, Mine repository fails to update
End-of-Life Product Nutanix Mine with Veeam reached End-of-Life on 2026-04-30. As of this date, all support services for this product are unavailable. For more information, see the Nutanix EOL Announcement Bulletin - Nutanix Mine, released 2025-04-30. Challenge After installing an update to Veeam...
Rainworx Auctionworx Cross-Site Request Forgery Vulnerability
Rainworx Auctionworx is an online auction software. A security vulnerability previously existed in Rainworx Auctionworx version 3.1R2 that allowed authenticated users to upgrade their account to administrator and gain access to the Auctionworx administrator control panel, resulting in a cross-sit...
CVE-2022-1509
Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context...
Sed Injection Vulnerability
Description In Hestia Control Panel 1.5.11, several v-scripts shell scripts have sed injection vulnerabilities. By chaining these vulnerabilities, an authenticated remote attacker with low privileges can execute arbitrary code under root context. Sed injection vulnerabilities exist in the followi...
MyBB Admin Control Panel Remote Code Execution (CVE-2022-24734)
A code injection vulnerability exists in MyBB. The vulnerability is due to insufficient input validation when parsing user input sent to Admin Control Panel...
Dairy Farm Shop Management System Hardcoded Vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. A hard-coded vulnerability exists in the Dairy Farm Shop Management System, which stems from hard-coded credentials in the code that can be exploited by an attacker to access the control panel...
Russian threat actor UAC-0056 targets European countries
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) has released an alert about a Russian threat actor UAC-0056 (SaintBear, UNC2589, TA471) delivering malware using email attachments. UNC2589 is a cyber...
Hestiacp Cross-Site Scripting Vulnerability (CNVD-2022-21544)
Hestiacp is a control panel used to provide administrators with an easy-to-use Web and command-line interface that enables them to quickly deploy and manage Web domains, mail accounts, DNS zones, and databases from a central dashboard. Hestiacp contains a cross-site scripting vulnerability that...
CWP Panel Code Injection Vulnerability
CWP Panel is a modern and advanced Linux control panel from CWP Inc. for web hosting service providers and system administrators. A code injection vulnerability exists in CWP Panel el8-latest, which could allow a remote attacker to execute arbitrary code on an affected system...
MyBB Admin Control Panel Code Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of MyBB. Authentication is required to exploit this vulnerability. The specific flaw exists within the Control Panel. The issue results from the lack of proper validation of a user-supplied string befor...
Reflected Cross-site Scripting (XSS) Vulnerability
Description hestiacp is vulnerable to Reflected XSS in the Hostname field within Basic Options of the function "Configure Server" in Hestia Control Panel Proof of Concept 1 Access https://demo.hestiacp.com:8083/edit/server/ 2 Click "Configure" 3 Click Basic Options 4 Enter below as payload in the...
MyBB Code Injection Vulnerability
MyBB is a free and web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A remote code execution vulnerability exists in MyBB, which can be exploited to cause a Remote Code Execution RCE...
Hestiacp Cross-Site Scripting Vulnerability
Hestiacp is an open source Linux web server control panel designed to provide administrators with an easy-to-use web and command line interface. Hestiacp suffers from a cross-site scripting vulnerability that originates from an unprocessed user-controlled GET domain parameter in index.php, which...
Hestiacp Cross-Site Scripting Vulnerability (CNVD-2022-23468)
Hestiacp is a lightweight and powerful control panel for modern networks. Hestiacp is vulnerable to a cross-site scripting vulnerability that could be exploited by attackers to cause client-side code execution...
Cipi Control Panel 3.1.15 Cross Site Scripting
Exploit Title: Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting XSS Authenticated Date: 24.02.2022 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://cipi.sh/ Software Link: https://cipi.sh/ Version: 3.1.15 Tested on: Ubuntu When the user wants to add a new server on the...
Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (XSS) (Authenticated)
Exploit Title: Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting XSS Authenticated Date: 24.02.2022 Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://cipi.sh/ Software Link: https://cipi.sh/ Version: 3.1.15 Tested on: Ubuntu When the user wants to add a new server on the...
Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (Authenticated) Vulnerability
Exploit Title: Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting XSS Authenticated Exploit Author: Fikrat Ghuliev Ghuliev Vendor Homepage: https://cipi.sh/ Software Link: https://cipi.sh/ Version: 3.1.15 Tested on: Ubuntu When the user wants to add a new server on the "Server" panel, in...
Plesk Cross-Site Request Forgery Vulnerability (CNVD-2022-91163)
Plesk is a hosting control panel from the Swiss company Plesk. Version 18.0.37 of Plesk is vulnerable to cross-site request forgery, which stems from the software's lack of validation of cross-site request forgery tokens. An attacker could exploit this vulnerability to insert data in the user and...
CVE-2020-8242
Unsanitized user input in ExpressionEngine = 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack...