956 matches found
CVE-2026-3352 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting
The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...
CVE-2026-3352
The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...
CVE-2026-3352 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting
The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...
PT-2026-23820
Name of the Vulnerable Software and Affected Versions Easy PHP Settings plugin for WordPress versions up to and including 1.0.4 Description The Easy PHP Settings plugin for WordPress is susceptible to PHP Code Injection due to inadequate input validation on the wp memory limit and wp max memory...
📄 SPIP Saisies 5.11.0 Remote Code Execution
Proof of concept exploit for a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennesvaleurs. Versions 5.4.0 through 5.11.0 are affected. Written in PHP...
📄 Selenium Server (Grid) 4.27.0 Code Injection
Proof of concept exploit for Selenium Server Grid versions 4.27.0 and below that exploits firefoxprofile to force the browser to run bash commands. ============================================================================================================================================= | Title...
📄 MikroTik RouterOS WinBox 3.41 Username Enumeration
Proof of concept exploit for MikroTik RouterOS WinBox version 3.41 that demonstrates a username enumeration vulnerability. ============================================================================================================================================= | Title : MikroTik RouterOS WinB...
CVE-2019-25260
OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execute...
CVE-2021-47778 GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...
CVE-2021-47778 GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...
CVE-2021-47778
CVE-2021-47778 affects GetSimple CMS My SMTP Contact Plugin 1.1.2. A PHP code injection vulnerability exists that allows an authenticated administrator to inject arbitrary PHP code via plugin configuration parameters, resulting in remote code execution on the server. The Red Hat and NVD/NVD-deriv...
CVE-2023-43835
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...
CVE-2018-10133
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php...
CVE-2021-41421
A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel...
CVE-2022-35914
/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...
CVE-2020-7206
HP nagios plugin for iLO nagios-plugins-hpilo v1.50 and earlier has a php code injection vulnerability...
CVE-2020-12842
ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php...
CVE-2020-10389
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings...
CVE-2023-4197
Improper input validation in Dolibarr ERP CRM = v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code...
CVE-2025-14509
The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...