36 matches found
CVE-2025-34225 Vasion Print (formerly PrinterLogic) SSRF via console_release Directory
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The console_release directory is reachable from the internet without any authentication. Insi...
CVE-2025-34233 Vasion Print (formerly PrinterLogic) Insecure Use of file_get_contents()
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a protection mechanism failure vulnerability within the file_get_contents() function. When an administrator configures a printer’s hostname or...
Vasion Print Virtual Appliance Host Security Vulnerability
Vasion Print Virtual Appliance Host is a print management software from Vasion USA. A security vulnerability exists in Vasion Print Virtual Appliance Host versions prior to 25.1.102 that stems from the file_get_contents function not validating input, which could lead to credential disclosure and...
CVE-2025-58653
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JS Morisset JSM file_get_contents() Shortcode wp-file-get-contents allows Stored XSS. This issue affects JSM file_get_contents() Shortcode: from n/a through <= 2.7.1...
CVE-2025-58653 WordPress JSM file_get_contents() Shortcode Plugin <= 2.7.1 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JS Morisset JSM file_get_contents() Shortcode wp-file-get-contents allows Stored XSS. This issue affects JSM file_get_contents() Shortcode: from n/a through <= 2.7.1...
WordPress plugin JSM file_get_contents Shortcode Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that provides the ability to host a personal blog site on a PHP and MySQL based server. A cross-site scripting...
Bottinelli Informatical Vedo Suite Security Vulnerability
Bottinelli Informatical Vedo Suite is an enterprise software suite for the textile and design industry from Bottinelli Informatica, Italy. A security vulnerability exists in Bottinelli Informatical Vedo Suite version 2024.17 that stems from an unsanitized file_get_contents function call that could le...
The vulnerability of the `file_get_contents()` and `file_put_contents()` methods in the Ignition PHP framework’s Laravel library allows an attacker to execute arbitrary code.
The vulnerability of the file_get_contents() and file_put_contents() methods in the Ignition PHP framework’s Laravel library is related to improper code generation. Exploiting this vulnerability may allow an attacker to execute arbitrary code...
SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability
SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. A server-side...
CVE-2018-10522
In CMS Made Simple (CMSMS) through 2.2.7, the "file view" operation in the admin dashboard contains a sensitive information disclosure vulnerability, exploitable by ordinary users, because the product exposes unrestricted access to the PHP file_get_contents function...
Jieqi CMS <= 1.5 - Remote Code Execution Exploit
No description provided by source. <?php print_r(' Jieqi cms <= 1.5 remote code execution exploit by Securitylab.ir '); ...
SN News 1.2 - 'visualiza.php' SQL Injection
\n"; echo "Example:\n"; echo "php $argv0 http://www.website.com/snnews\n"; exit; $target = $argv1; ifsubstr$target, strlen$target-1!="/" $target .= "/"; $inject = $target . "visualiza.php?id=-0'%20"; $token = uniqid; $tokenhex = hex$token; echo " Trying to get informations...\n"; $infos =...
PHP Hashtables Denial of Service
Exploit for php platform in category dos / poc 0day.today 2018-02-06...
Sniggabo CMS - 'article.php?id' SQL Injection
milw0rm.com 2009-06-11...
Joomla! Component com_Eventing 1.6.x - Blind SQL Injection
1 $url = $argv1; $r = strlenfilegetcontents$url."+and+1=1--"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0--"; $t = abs100-$w/$r100; echo "Username: "; for $i=1; $i $t-1 $count = $i; $i = 30; for $j = 1; $j $t-1 $laenge =...
pLink 2.07 - linkto.php Blind SQL Injection
pLink 2.07 - linkto.php Blind SQL Injection php '.$argv0.' http://www.site.com/link/linkto.php?id=128 2 Live Demo : http://www.uni-leipzig.de/fsrpowi/link/linkto.php?id=128 2 '; if $argc 1 $url = $argv1; if $argc 3 $userid = 1; else $userid = $argv2; $r = strlenfilegetcontents$url."+and+1=1/"; ec...