393 matches found

NVD
Added 2022/12/07 2:15 a.m. · 12 views

CVE-2022-45025

Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function...

CVSS 9.8 · EPSS 0.41789
Exploits: 2 · References: 1
Prion
Added 2022/12/07 2:15 a.m. · 16 views

Command injection

Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function...

CVSS 7.5 · AI score 9.8 · EPSS 0.41789
Exploits: 2 · References: 1 · Affected Software: 1
Cvelist
Added 2022/12/07 12:00 a.m. · 14 views

CVE-2022-45025

Markdown Preview Enhanced v0.6.5 and v0.19.6 for VSCode and Atom was discovered to contain a command injection vulnerability via the PDF file import function...

AI score 10 · EPSS 0.41789
Exploits: 2 · References: 1
wpexploit
Added 2022/11/08 12:00 a.m. · 536 views

Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload

The plugin does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed. 1. Navigate to: Appearance > Import Demo Content > Theme Demo Importer > Manually upload the demo files. 2. Use the XML file...

AI score 0.2 · EPSS 0.0056
Exploits: 2
OSV
Added 2022/10/31 4:15 p.m. · 1 view

CVE-2022-3357

The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports, intentionally or not, a malicious file and a suitable gadget chain is present on the site...

CVSS 8.8 · AI score 5.8 · EPSS 0.27109
Exploits: 3 · References: 1
NVD
Added 2022/10/31 4:15 p.m. · 11 views

CVE-2022-3334

The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...

CVSS 7.2 · EPSS 0.00901
Exploits: 2 · References: 1
Positive Technologies
Added 2022/10/31 12:00 a.m. · 11 views

PT-2022-21788 · Unknown · Smart Slider 3

Name of the Vulnerable Software and Affected Versions: Smart Slider 3 versions prior to 3.5.1.11 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injection issues if a malicious file is imported and a suitable gadget chai...

CVSS 8.8 · AI score 8.8 · EPSS 0.27109
Exploits: 3 · References: 4
Vulnrichment
Added 2022/10/31 12:00 a.m. · 12 views

CVE-2022-3357 Smart Slider 3 < 3.5.1.11 - PHP Object Injection

The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user imports, intentionally or not, a malicious file and a suitable gadget chain is present on the site...

AI score 7 · EPSS 0.27109
Exploits: 3 · References: 1
Vulnrichment
Added 2022/10/31 12:00 a.m. · 4 views

CVE-2022-3334 Easy WP SMTP < 1.5.0 - Admin+ PHP Object Injection

The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...

AI score 7.2 · EPSS 0.00901
Exploits: 2 · References: 1
Vulnrichment
Added 2022/10/25 12:00 a.m. · 6 views

CVE-2022-3335 Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Object Injection

The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...

AI score 7 · EPSS 0.00901
Exploits: 2 · References: 1
Positive Technologies
Added 2022/10/25 12:00 a.m. · 5 views

PT-2022-21774 · WordPress · Kadence Woocommerce Email Designer

Name of the Vulnerable Software and Affected Versions: Kadence WooCommerce Email Designer WordPress plugin versions prior to 1.5.7 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injections when an admin imports a...

CVSS 7.2 · AI score 6.9 · EPSS 0.00901
Exploits: 2 · References: 5
wpexploit
Added 2022/10/10 12:00 a.m. · 578 views

Ocean Extra < 2.0.5 - Admin+ PHP Object Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports, intentionally or not, a malicious Customizer Styling file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following co...

CVSS 7.2 · AI score 0.4 · EPSS 0.00908
Exploits: 2
CNNVD
Added 2022/08/31 12:00 a.m. · 2 views

GitLab Resource Management Error Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery, and other features. A security vulnerability exists in GitLab EE/CE. An attacker exploited the...

CVSS 6.5 · AI score 7 · EPSS 0.0019
Exploits: 0 · References: 5
CNNVD
Added 2022/07/14 12:00 a.m. · 1 view

Mattermost Resource Management Error Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. Mattermost 6.7.0 and earlier versions are vulnerable to a resource management error, which stems from the inability of the Slack import feature to properly limit the size of imported files, and can be exploited to import...

CVSS 6.5 · AI score 5.6 · EPSS 0.00427
Exploits: 0 · References: 2
ATTACKERKB
Added 2022/07/04 1:15 p.m. · 1 view

CVE-2022-2268

The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. This allows high-privilege users such as admin to upload an arbitrary file like PHP, leading to RCE...

CVSS 7.2 · AI score 7.1 · EPSS 0.00956
Exploits: 2 · References: 2
NVD
Added 2022/06/27 9:15 a.m. · 11 views

CVE-2022-1574

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them; as a result, unauthenticated attackers can upload arbitrary files such as PHP to the remote server...

CVSS 9.8 · EPSS 0.76858
Exploits: 2 · References: 1
OSV
Added 2022/05/24 2:40 p.m. · 23 views

CVE-2022-29237 Limited Authentication Bypass for Media Files in Opencast

Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassin...

CVSS 5.4 · AI score 5.2 · EPSS 0.00146
Exploits: 0 · References: 4
CVE
Added 2022/02/28 9:06 a.m. · 82 views

CVE-2021-25010

CVE-2021-25010 affects the WordPress Post Snippets plugin prior to 3.1.4. The root cause is absence of CSRF checks when importing files, allowing a logged-in admin to import arbitrary snippets. Imported snippets are not sanitized/escaped, enabling Stored Cross-Site Scripting (XSS). Documented ref...

CVSS 9.6 · AI score 8.4 · EPSS 0.00149
Exploits: 2 · References: 1 · Affected Software: 1
Veracode
Added 2022/02/23 10:11 a.m. · 18 views

Directory Traversal

pimcore is vulnerable to directory traversal. It does not properly handle the session for file import, exposing the server path during translation import...

CVSS 6.5 · AI score 3.1 · EPSS 0.00023
Exploits: 1 · References: 2 · Affected Software: 1
WPVulnDB
Added 2022/01/31 12:00 a.m. · 20 views

Post Snippets < 3.1.4 - CSRF to Stored Cross-Site Scripting

The plugin does not have a CSRF check when importing files, allowing an attacker to make a logged-in admin import arbitrary snippets. Furthermore, imported snippets are not sanitised and escaped, which could lead to Stored Cross-Site Scripting issues. PoC: The XSS will be triggered anywhere in the backe...

CVSS 9.6 · AI score 2.6 · EPSS 0.00149
Exploits: 2 · Affected Software: 1