12 matches found
ElkArte 1.1.0 Cross Site Scripting
A cross site scripting vulnerability exists in ElkArte Forum version 1.1.0. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...
EUVD-2024-55336
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...
CVE-2024-58295
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...
CVE-2024-58295
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...
Arbitrary File Upload
Overview elkarte/elkarte is an ElkArte PHP-based community discussion forum. Affected versions of this package are vulnerable to Arbitrary File Upload via the theme installation process. An attacker can execute arbitrary code by uploading a ZIP archive containing a malicious PHP file, which is th...
CVE-2024-58295 ElkArte Forum 1.1.9 Authenticated Remote Code Execution via Theme Upload
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...
CVE-2024-58295 ElkArte Forum 1.1.9 Authenticated Remote Code Execution via Theme Upload
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...
CVE-2024-58295
CVE-2024-58295 affects ElkArte Forum 1.1.9. A remote code execution vulnerability allows authenticated administrators to upload a ZIP containing a PHP file through the theme installation process, with the uploaded PHP file executed when accessed in the theme directory. Exploitation is described i...
PT-2025-50749
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...
Elkarte 代码问题漏洞
Elkarte is an open source forum software by ElkArte. A code issue vulnerability exists in Elkarte version 1.1.9, which stems from a PHP file upload during theme installation that could lead to the execution of system commands...
ElkArte Forum 1.1.9 - Remote Code Execution (RCE) (Authenticated)
Exploit Title : ElkArte Forum 1.1.9 - Remote Code Execution RCE Authenticated Date: 2024-5-24 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.elkarte.net/ Software Link : https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArtev1-1-9install.zip Version : 1.1.9 1...
ElkArte Forum 1.1.9 Remote Code Execution Vulnerability
Exploit Title : ElkArte Forum 1.1.9 - Remote Code Execution RCE Authenticated Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://www.elkarte.net/ Software Link : https://github.com/elkarte/Elkarte/releases/download/v1.1.9/ElkArtev1-1-9install.zip Version : 1.1.9 1 After login go t...