Lucene search
K

7229 matches found

Github Security Blog
Github Security Blog
added 2026/03/25 5:45 p.m.9 views

AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload

Summary The ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An attacker can upload a polyglot file valid JPEG magic bytes followed by PHP cod...

8.8CVSS6.1AI score0.00639EPSS
Exploits1References4Affected Software1
Saint
Saint
added 2026/03/25 12:0 a.m.75 views

CraftCMS generate-transform command injection

Added: 03/25/2026 Background CraftCMS is a content management system written in PHP. Problem A vulnerability in CraftCMS allows remote attackers to inject arbitrary PHP code into the session file and then execute it using a specially crafted request to generate-transform. Resolution Upgrade to...

6.1AI score
Exploits0
OSV
OSV
added 2026/03/23 6:23 p.m.4 views

CVE-2026-33647 AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An...

8.8CVSS5.9AI score0.00639EPSS
Exploits1References4
OSV
OSV
added 2026/03/23 2:5 p.m.9 views

CVE-2026-33479 AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSR...

8.8CVSS6.4AI score0.00531EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/23 2:5 p.m.4 views

CVE-2026-33479 AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSR...

8.8CVSS6.3AI score0.00531EPSS
Exploits1References2
CVE
CVE
added 2026/03/23 2:5 p.m.14 views

CVE-2026-33479

CVE-2026-33479 affects WWBN AVideo (Gallery plugin, saveSort.json.php) where unsanitized values from $_REQUEST['sections'] are fed into eval(), enabling PHP code execution via CSRF against an admin session. The issue exists up to version 26.0; a patch in commit 087dab8841f8bdb54be184105ef19b47c56...

8.8CVSS6.3AI score0.00531EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/20 8:44 p.m.5 views

GHSA-XGGW-G9PM-9QHH AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

Summary The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...

8.8CVSS6.7AI score0.00531EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/20 8:44 p.m.7 views

AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

Summary The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...

8.8CVSS6.7AI score0.00531EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/20 5:8 a.m.24 views

CVE-2026-33035 Unauthenticated Reflected XSS via innerHTML in AVideo

WWBN AVideo is an open source video platform. In versions 25.0 and below, there is a reflected XSS vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser. User input from a URL parameter flows through PHP's jsonencode into a JavaScript function...

5.3CVSS0.00317EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/19 5:12 p.m.6 views

AVideo Affected by Stored XSS via Unescaped Video Title in CDN downloadButtons.php

Summary WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any escaping, allowing an attacker who can create or modify a video to...

8.2CVSS5.8AI score0.00216EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/03/16 6:16 p.m.8 views

CVE-2026-23489

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...

9.1CVSS0.003EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/03/15 8:21 a.m.129 views

web-attack-payloads

Web Attack Payloads Collection !Cybersecurityhttps://img.s...

6.3AI score
Exploits0
EUVD
EUVD
added 2026/03/10 7:25 p.m.9 views

EUVD-2026-10811

GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...

9.6CVSS6.1AI score0.00295EPSS
Exploits1References1
OSV
OSV
added 2026/03/10 7:25 p.m.5 views

CVE-2026-28495 GetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.php

GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...

9.6CVSS6.1AI score0.00295EPSS
Exploits1References3
Metasploit
Metasploit
added 2026/03/09 6:57 p.m.299 views

SPIP Saisies Plugin Unauthenticated RCE

This module exploits an unauthenticated PHP code injection in the SPIP Saisies plugin CVE-2025-71243. The anciennesvaleurs form parameter is interpolated unsanitized into a hidden field rendered with interdirescripts=false, allowing direct PHP code execution via template eval. Exploitation requir...

9.8CVSS6.2AI score0.05126EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2026/03/08 1:44 a.m.7 views

CVE-2026-3352

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2CVSS6.1AI score0.00374EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/07 3:30 a.m.6 views

EUVD-2026-10105

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2CVSS6.1AI score0.00374EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/07 1:21 a.m.5 views

CVE-2026-3352 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2CVSS6.1AI score0.00374EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/07 1:21 a.m.36 views

CVE-2026-3352 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2CVSS0.00374EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/07 1:21 a.m.5 views

CVE-2026-3352

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2CVSS6.1AI score0.00374EPSS
Exploits0References5
Rows per page
Query Builder