GHSA-8CR7-R8QW-GP3C baserCMS has Mail Form Acceptance Bypass via Public API

Summary A public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. Details In baserCMS, mail form...

baserCMS has Mail Form Acceptance Bypass via Public API

Summary A public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. Details In baserCMS, mail form...

CVE-2026-30878

CVE-2026-30878 affects baserCMS. Before 5.2.3, the public mail submission API allowed unauthenticated users to submit mail form entries even when the form was not accepting submissions, bypassing administrative controls and enabling spam via the API. This issue is patched in version 5.2.3 . The C...

Exploit for Unrestricted Upload of File with Dangerous Type in Lindeni Multi_Purpose_Mail_Form

CVE-2024-50526 / 0-Click RCE Exploit - Author: Joshua Provost...

EUVD-2005-0494

Malware in sbrugna...

EUVD-2023-2820

Malicious code in bioql PyPI...

EUVD-2024-44910

Malicious code in bioql PyPI...

EUVD-2022-5734

Malicious code in bioql PyPI...

EUVD-2024-44939

Malicious code in bioql PyPI...

CVE-2024-50484

Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through = 1.0.2...

CVE-2024-50526

Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through = 1.0.2...

CVE-2024-50526

Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through = 1.0.2...

CVE-2024-50526

Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2...

CVE-2024-50526

Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2...

CVE-2024-50526

CVE-2024-50526 affects the WordPress plugin Multi Purpose Mail Form (mahlamusa) versions n/a through 1.0.2, due to an unrestricted upload of dangerous file types that can lead to remote code execution. An unauthenticated, pre-authentication 0-click exploit exists (GitHub PoC) and demonstrates arb...

CVE-2024-50526 WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through = 1.0.2...

PT-2024-34303

Name of the Vulnerable Software and Affected Versions: Multi Purpose Mail Form versions n/a through 1.0.2 Description: The issue allows users to upload dangerous files, potentially leading to a web server compromise by uploading a web shell. This can happen due to an unrestricted upload of file...

WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by stealthcopter Patchstack Alliance in WordPress Plugin Multi Purpose Mail Form versions = 1.0.2...

WordPress Multi Purpose Mail Form Plugin <= 1.0.2 is vulnerable to Arbitrary File Upload

Software Multi Purpose Mail Form Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50526 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 077c15d9e1a1 Credits stealthcopter Required privilege...

CVE-2024-50484

Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through = 1.0.2...