6 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the invokefunction process. An attacker can execute arbitrary PHP code by sending specially crafted requests to the index.php endpoint with malicious function parameters. Remediation...
PT-2026-34466
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...
PT-2026-5281
berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...
EUVD-2026-3620
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...
CVE-2021-47871 Hestia Control Panel 1.3.2 - Arbitrary File Write
Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...
Hestia Control Panel security vulnerabilities
Hestia Control Panel is an open-source host control panel developed by Hestia. Version 1.3.2 of Hestia Control Panel contains a security vulnerability. This vulnerability stems from arbitrary file writing in the API index.php endpoint, which could allow authenticated attackers to write files...