Lucene search
K

6 matches found

Snyk
Snyk
added 2026/04/23 3:7 p.m.5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the invokefunction process. An attacker can execute arbitrary PHP code by sending specially crafted requests to the index.php endpoint with malicious function parameters. Remediation...

9.8CVSS5.9AI score0.0089EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.11 views

PT-2026-34466

ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...

9.8CVSS6.8AI score0.0089EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.9 views

PT-2026-5281

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...

8.2CVSS6AI score0.00278EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/21 5:27 p.m.7 views

EUVD-2026-3620

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

8.8CVSS5.8AI score0.00421EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/21 5:27 p.m.21 views

CVE-2021-47871 Hestia Control Panel 1.3.2 - Arbitrary File Write

Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit the v-make-tmp-file command to write SSH keys or other content to specific file paths on the...

8.8CVSS0.00421EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.9 views

Hestia Control Panel security vulnerabilities

Hestia Control Panel is an open-source host control panel developed by Hestia. Version 1.3.2 of Hestia Control Panel contains a security vulnerability. This vulnerability stems from arbitrary file writing in the API index.php endpoint, which could allow authenticated attackers to write files...

8.8CVSS5.9AI score0.00421EPSS
Exploits0References4
Rows per page
Query Builder