CVE-2023-26690
File Upload vulnerability in CS-Cart MultiVendor 4.16.1 allows remote attackers to run arbitrary code via File Manager/Editor component in the vendor or admin menu...
PT-2024-12111 · Unknown · Cs-Cart Multivendor
Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: The issue allows remote attackers to run arbitrary code via the File Manager/Editor component in the vendor or admin menu. This is a result of a File Upload vulnerability. Recommendations: For...
CVE-2023-26690
CVE-2023-26690 affects CS-Cart MultiVendor 4.16.1. A File Upload vulnerability in the File Manager/Editor component accessible from vendor or admin menus allows remote code execution by unauthenticated/low-privileged vectors per the reported description. Multiple sources (NVD, Red Hat, CNNVD, CVE...
CVE-2024-46086
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/plugin/filemanager/delete/123...
PT-2024-31906 · Frog Cms · Frog Cms
Name of the Vulnerable Software and Affected Versions: FrogCMS version 0.9.5 Description: A Cross-Site Request Forgery CSRF issue was discovered. The issue can be exploited via the /admin/?/plugin/file manager/delete/123 API endpoint. Recommendations: For FrogCMS version 0.9.5, as a temporary...
CVE-2024-45398
Contao CMS vulnerability: a back-end user with file-manager access can upload and execute malicious files on the server, enabling remote command execution. Affected range includes Contao 4.x up to 4.13.48, 5.x up to 5.4.2. Remediation recommended by advisories is to upgrade to Contao 4.13.49, 5.3...
GHSA-VM6R-J788-HJH5 Contao affected by remote command execution through file upload
Impact: Back end users with access to the file manager can upload malicious files and execute them on the server. Patches: Update to Contao 4.13.49, 5.3.15 or 5.4.3. Workarounds: Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory...
CVE-2024-46362
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/plugin/filemanager/createdirectory...
CVE-2024-46085
FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/?/plugin/filemanager/rename...
PT-2024-31969 · Frog Cms · Frog Cms
Name of the Vulnerable Software and Affected Versions: FrogCMS version 0.9.5 Description: A Cross-Site Request Forgery CSRF issue was discovered in FrogCMS. The vulnerability can be exploited via the "/admin/?/plugin/file manager/create directory" endpoint. This allows an attacker to perform...
FrogCms security vulnerability
FrogCms is an HTTP server by philippe personal developer. A security vulnerability exists in FrogCms version V0.9.5, which originates from a cross-site request forgery initiated via /admin/?/plugin/filemanager/rename...
CVE-2024-46362
CVE-2024-46362 – FrogCMS v0.9.5 CSRF flaw: The Red Hat/NVD/NVD-linked entries describe a Cross‑Site Request Forgery vulnerability exploitable via the endpoint /admin/?/plugin/file_manager/create_directory in FrogCMS 0.9.5. The underlying issue is CSRF that could allow an attacker to perform unau...
FrogCms security vulnerability
FrogCms is an HTTP server by philippe personal developer. A security vulnerability exists in FrogCms version V0.9.5, which originates from a cross-site request forgery initiated via /admin/?/plugin/filemanager/createdirectory...
PT-2024-31602 · Contao · Contao
Name of the Vulnerable Software and Affected Versions: Contao versions prior to 4.13.49 Contao versions prior to 5.3.15 Contao versions prior to 5.4.3 Description: Contao is an Open Source CMS. In affected versions, a back end user with access to the file manager can upload malicious files and...
Contao code issue vulnerability
Contao is an open source Content Management System CMS developed in PHP by Contao Open Source. The system supports search engines, rights management, and CSS frameworks. A code issue vulnerability exists in Contao 4.0.0 and prior versions, which originates from a backend user with file manager...