68 matches found
CVE-2024-50484 WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through = 1.0.2...
CVE-2024-50484
CVE-2024-50484 : Unrestricted Upload of File with Dangerous Type in the WordPress plugin “Multi Purpose Mail Form” (Mahlamusa) allows uploading a web shell to the web server. Affected versions: 1.0.2 and earlier. The CVE entry notes an Arbitrary File Upload issue; the provided documents indicate ...
CVE-2024-50484 WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Lindeni Mahlalela Multi Purpose Mail Form multi-purpose-mail-form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through = 1.0.2...
PT-2024-34261 · Unknown · Mahlamusa Multi Purpose Mail Form
Name of the Vulnerable Software and Affected Versions: Mahlamusa Multi Purpose Mail Form versions 1.0.2 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, potentially enabling an attacker to upload a web shell to a web server. Recommendations: For...
WordPress Multi Purpose Mail Form plugin <= 1.0.2 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin Multi Purpose Mail Form versions = 1.0.2...
WordPress Multi Purpose Mail Form Plugin <= 1.0.2 is vulnerable to Arbitrary File Upload
Software Multi Purpose Mail Form Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-50484 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 3feda20596e4 Credits Bonds Required privilege...
DRUPAL-CONTRIB-2024-020
The Email Contact module provides email field display formatters that can display the field as a link to the contact form, or as an inline contact form. The module does not sufficiently handle restricted entity or field access to the mail sending form, when the "Email contact link" formatter is...
CVE-2023-42040
PDF-XChange Editor mailForm Use-After-Free Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page ...
BaserCMS Code Injection Vulnerability
baserCMS is an enterprise-level content management system CMS from the baserCMS team. A code injection vulnerability exists in baserCMS versions 4.6.0 through 4.7.6, which stems from the application's failure to properly filter special elements of constructed snippets. An attacker can exploit the...
CVE-2023-43792
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available...
Code injection
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available...
CVE-2023-43792 baserCMS Code Injection Vulnerability in Mail Form Feature
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available...
CVE-2023-43792 baserCMS Code Injection Vulnerability in Mail Form Feature
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available...
CVE-2023-43792
CVE-2023-43792 affects baserCMS, with a Code Injection vulnerability in the mail form for versions 4.6.0–4.7.6 caused by inadequate filtering of constructed snippets. The advisory notes no patched versions at publication, but subsequent records indicate fixes: upgrade to baserCMS 4.7.7 (and 4.8.0...
CVE-2023-43792 baserCMS Code Injection Vulnerability in Mail Form Feature
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available...
Code Injection
basercms is vulnerable to Code Injection. The vulnerability is due to improper sanitization in Mail Form Feature. This can be exploited by the attacker by injecting malicious code via the Mail Form...
baserCMS 代码注入漏洞
baserCMS is an enterprise-level content management system CMS from the baserCMS team. A code injection vulnerability exists in baserCMS versions 4.6.0 through 4.7.6, which stems from the application's failure to properly filter special elements of constructed snippets. An attacker can exploit the...
GHSA-VRM6-C878-FPQ6 baserCMS Code Injection Vulnerability in Mail Form Feature
There is a Code Injection Vulnerability in Mail Form to baserCMS. Target baserCMS 4.7.6 and earlier versions Vulnerability Malicious code may be executed in Mail Form Feature. Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more...
baserCMS Code Injection Vulnerability in Mail Form Feature
There is a Code Injection Vulnerability in Mail Form to baserCMS. Target baserCMS 4.7.6 and earlier versions Vulnerability Malicious code may be executed in Mail Form Feature. Countermeasures Update to the latest version of baserCMS Please refer to the following page to reference for more...
PT-2023-28984 · Basercms · Basercms
Name of the Vulnerable Software and Affected Versions: baserCMS versions 4.6.0 through 4.7.6 Description: The issue is related to a Code Injection vulnerability in the mail form of baserCMS, a website development framework. This vulnerability allows malicious code to be executed in the Mail Form...