CVE-2018-11392

An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code...

CVE-2018-11392

The CVE-2018-11392 vulnerability affects Jigowatt “PHP Login & User Management” (Envato Market) via /classes/profile.class.php. Versions before 4.1.1 allow any remote authenticated user to upload a .php file through the profile avatar field, resulting in arbitrary code execution when the uploaded...

CVE-2018-11392

An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field. This results in arbitrary code...

Jigowatt PHP Event Calendar "year" SQL注入漏洞

Jigowatt PHP Event Calendar是一款日历WEB应用程序。 Jigowatt PHP Event Calendar calendar/dayview.php不正确过滤"year"参数数据，允许远程攻击者利用漏洞提交特制的SQL查询，操作或获取数据库数据。 0 Jigowatt PHP Event Calendar 2.x 目前没有详细解决方案： http://codecanyon.net/item/php-event-calendar/47723...

Jigowatt PHP Event Calendar - 'day_view.php' SQL Injection

source: https://www.securityfocus.com/bid/66923/info Jigowatt PHP Event Calendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, acces...