
117 matches found

CNNVD
added 2024/08/22 12:0 a.m. · views: 1

SeaCMS security vulnerability

SeaCMS is a free, open source web content management system written in PHP by SeaCMS. The system has been designed primarily to manage video-on-demand resources. A code execution vulnerability exists in SeaCMS version 13.0, which stems from improper restrictions on editing files, and can be...

CVSS 8.8 · AI score 8.4 · EPSS 0.00396
Exploits: 1 · References: 3

NVD
added 2024/05/26 2:15 p.m. · views: 7

CVE-2024-5366

A vulnerability has been found in SourceCodester Best House Rental Management System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file edit-cate.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The explo...

CVSS 6.5 · AI score 6.9 · EPSS 0.00044
Exploits: 1 · References: 4

OSV
added 2024/04/04 11:15 p.m. · views: 0

DEBIAN-CVE-2024-31210

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...

CVSS 8.8 · AI score 8 · EPSS 0.01202
Exploits: 0 · References: 1

OSV
added 2024/02/02 4:15 p.m. · views: 1

CVE-2024-24161

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered...

CVSS 7.5 · AI score 5.8 · EPSS 0.00139
Exploits: 1 · References: 1

Prion
added 2024/02/02 4:15 p.m. · views: 9

Remote file inclusion

MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered...

CVSS 5 · AI score 7.2 · EPSS 0.00139
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/02/02 12:0 a.m. · views: 2

PT-2024-20305 · Mrcms · Mrcms

Name of the Vulnerable Software and Affected Versions: MRCMS version 3.0
Description: The issue is related to an Arbitrary File Read vulnerability. It affects the /admin/file/edit.do endpoint, where the incoming path parameter is not properly filtered. This allows for unauthorized access to files...

CVSS 7.5 · AI score 7.3 · EPSS 0.00139
Exploits: 1 · References: 5

Cvelist
added 2024/01/16 3:50 p.m. · views: 14

CVE-2022-1538 Theme-Demo-Importer < 1.1.1 - Admin+ Arbitrary File Upload

Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files such as PHP even when FILEMODS and FILEEDIT are disallowed...

AI score 7.2 · EPSS 0.0056
Exploits: 2 · References: 1

Huntr
added 2023/09/28 6:51 p.m. · views: 17

CSRF Edit Locale files

Description: CSRF edit Locale files. Proof of Concept: 1. Attack sends fake requests to users history.pushState'', '', '/'; document.forms0.submit; 2. User click, edited unwanted Locale files. Payload Poc: https://drive.google.com/file/d/1wpgmDoK0fGsiPSKfThVoEWq50pj7sBz5/view?usp=sharing Video Poc...

AI score 7.1 · EPSS 0.00067
Exploits: 1

OSV
added 2023/07/10 6:15 p.m. · views: 1

CVE-2023-23348

HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed...

CVSS 5.5 · AI score 5.6
Exploits: 0 · References: 1

OSV
added 2023/03/09 10:15 p.m. · views: 3

CVE-2023-1303

A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. Th...

CVSS 9.8 · AI score 5.5 · EPSS 0.00518
Exploits: 0 · References: 3

Positive Technologies
added 2023/03/09 12:0 a.m. · views: 5

PT-2023-16875 · Ucms · Ucms

Name of the Vulnerable Software and Affected Versions: UCMS version 1.6
Description: A critical issue affects the System File Management Module, specifically the file sadmin/fileedit.php, allowing for unrestricted upload due to the manipulation of the file argument. This can be initiated remotely...

CVSS 9.8 · AI score 6.5 · EPSS 0.00518
Exploits: 0 · References: 4

Prion
added 2023/02/18 8:15 a.m. · views: 14

Sql injection

A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument taskid leads to sql injection. The attack can be initiated remotely. The complexit...

CVSS 4.6 · AI score 9 · EPSS 0.00358
Exploits: 5 · References: 3 · Affected Software: 1

CNNVD
added 2023/02/02 12:0 a.m. · views: 3

Desdev DedeCMS cross-site scripting vulnerability

Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A security vulnerability exists in...

CVSS 5.4 · AI score 5.2 · EPSS 0.00183
Exploits: 1 · References: 2

NCSC
added 2023/01/19 12:0 a.m. · views: 1

Vulnerability fixed in sudo

A vulnerability has been fixed in sudo's -e option, also known as sudoedit. A malicious person with sudoedit privileges can exploit the vulnerability to edit arbitrary files. In this way, the malicious party can obtain elevated privileges on the vulnerable system. The developers of sud...

CVSS 7.8 · AI score 7.3 · EPSS 0.39861
Exploits: 20

Veracode
added 2022/12/20 8:46 a.m. · views: 16

Privilege Escalation

silverstripe/subsites is vulnerable to privilege escalation. The vulnerability exists in FileSubsites.php due to the lack of validation in file edit privileges, which allows an attacker to modify sensitive files inside the system...

CVSS 7.5 · AI score 7.2 · EPSS 0.00203
Exploits: 0 · References: 6 · Affected Software: 1

Cvelist
added 2022/12/15 12:0 a.m. · views: 13

CVE-2021-39428

Cross Site Scripting (XSS) vulnerability in Users.php in eyoucms 1.5.4 allows remote attackers to run arbitrary code and gain escalated privilege via the filename for editusersheadpic...

AI score 5.8 · EPSS 0.00138
Exploits: 1 · References: 1

NVD
added 2022/10/09 9:15 a.m. · views: 7

CVE-2022-3436

A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack can be launche...

CVSS 7.5 · EPSS 0.00171
Exploits: 4 · References: 2

NVD
added 2022/09/21 8:15 p.m. · views: 8

CVE-2022-40217

Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress...

CVSS 7.2 · EPSS 0.01069
Exploits: 0 · References: 2

CVE
added 2022/09/21 7:9 p.m. · views: 58

CVE-2022-40217

CVE-2022-40217 concerns the WordPress WPide plugin (XplodedThemes) versions ≤ 2.6, with an authenticated ARBITRARY FILE EDIT/UPLOAD vulnerability. Multiple sources confirm that an admin+ user can edit/upload arbitrary files within WPide, indicating a high impact under the documented conditions. P...

CVSS 7.2 · AI score 6.7 · EPSS 0.01069
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2022/09/21 7:9 p.m. · views: 14

CVE-2022-40217 WordPress WPide plugin <= 2.6 - Authenticated Arbitrary File Edit/Upload vulnerability

Authenticated (admin+) Arbitrary File Edit/Upload vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress...

CVSS 6.5 · AI score 7.2 · EPSS 0.01069
Exploits: 0 · References: 2