
236 matches found

Prion
added 2018/11/13 3:29 p.m., 19 views

Code injection

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828...

6.5 CVSS, 8.2 AI score, 0.00205 EPSS
Exploits 0, References 3, Affected Software 1

NVD
added 2018/11/13 3:29 p.m., 14 views

CVE-2018-1808

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828...

8.8 CVSS, 5.8 AI score, 0.00205 EPSS
Exploits 0, References 3

Cvelist
added 2018/11/13 3:0 p.m., 16 views

CVE-2018-1808

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828...

4.3 CVSS, 8.5 AI score, 0.00205 EPSS
Exploits 0, References 3

CVE
added 2018/11/13 3:0 p.m., 39 views

CVE-2018-1808

CVE-2018-1808 affects IBM WebSphere Commerce versions 9.0.0.0 through 9.0.0.6, where inadequate input control could allow server-side code injection. The trusted sources in the provided documents identify the impact as server-side code injection, with the NVD listing CVSS3 base score 8.8 (HIGH) a...

8.8 CVSS, 8.4 AI score, 0.00205 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2018/10/17 4:29 a.m., 0 views

CVE-2018-18426

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...

8.8 CVSS, 6.1 AI score
Exploits 0, References 2

OSV
added 2018/10/16 7:29 a.m., 2 views

CVE-2018-18382

Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" aka user/edit-profile action...

8.8 CVSS, 5.9 AI score, 0.01833 EPSS
Exploits 1, References 1

CNVD
added 2018/09/25 12:0 a.m., 0 views

OTCMS Arbitrary PHP Code Execution Vulnerability

OTCMS is an article-based web content management system (CMS). A security vulnerability exists in OTCMS version 3.61. Remote attackers can exploit the vulnerability to execute arbitrary PHP code via the 'accBackupDir' parameter...

8.1 CVSS, 8.5 AI score, 0.00685 EPSS
Exploits 1, References 1

OSV
added 2018/09/17 3:29 p.m., 2 views

CVE-2016-9045

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...

8.8 CVSS, 6.2 AI score
Exploits 0, References 1

CNVD
added 2018/08/14 12:0 a.m., 2 views

OpenEMR Unrestricted File Upload Vulnerability

OpenEMR is medical practice management software that also supports electronic medical records (EMR). An unrestricted file upload vulnerability exists in interface/super/managesitefiles.php in versions of OpenEMR prior to 5.0.1.4, which can be exploited by a remote attacker who uploads a PHP file...

8.8 CVSS, 9.4 AI score, 0.78022 EPSS
Exploits 7, References 1

CNVD
added 2018/06/11 12:0 a.m., 1 views

WordPress Booking Calendar Plugin Local File Inclusion Vulnerability

WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Software Foundation, which supports the hosting of personal blogging sites on servers running PHP and MySQL. Booking Calendar is one of the booking systems for making online reservations and checking the...

7 AI score
Exploits 0, References 1

CNVD
added 2018/05/16 12:0 a.m., 2 views

SiteBridge Joruri Gw Arbitrary File Upload Vulnerability

SiteBridge Joruri Gw is a group assignment software from SiteBridge Japan. An arbitrary file upload vulnerability exists in SiteBridge Joruri Gw 3.2.0 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary PHP code...

8.8 CVSS, 7.6 AI score, 0.01023 EPSS
Exploits 0, References 1

CNVD
added 2018/04/08 12:0 a.m., 1 views

GxlcmsQY update function arbitrary PHP code execution vulnerability

GxlcmsQY system is a quick website cms tailored for business users. An arbitrary PHP code execution vulnerability exists in the update function in LibLibActionAdminTplAction.class.php in Gxlcms QY v1.0.0713. A remote attacker can exploit this vulnerability by placing code in a template to execute...

9.8 CVSS, 8.1 AI score, 0.00944 EPSS
Exploits 1, References 1

CNVD
added 2018/03/30 12:0 a.m., 4 views

PrestaShop Responsive Mega Menu Pro Module Code Execution Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. The solution provides a variety of payment methods, short message alerts and product image zoom and other features. Responsive Mega Menu Horizontal + Vertical + Dropdown Pro module is used in which a responsive menu module. A...

9.8 CVSS, 7.7 AI score, 0.90063 EPSS
Exploits 1, References 1

OSV
added 2018/03/14 4:29 p.m., 2 views

CVE-2018-5782

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...

9.8 CVSS, 6 AI score, 0.32341 EPSS
Exploits 4, References 3

OSV
added 2017/11/20 7:29 p.m., 1 views

CVE-2017-16903

LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php...

9.8 CVSS, 5.8 AI score, 0.01016 EPSS
Exploits 1, References 1

OSV
added 2017/11/17 5:29 a.m., 0 views

CVE-2017-1000160

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...

5.4 CVSS, 5.7 AI score
Exploits 0, References 1

OSV
added 2017/11/08 5:29 a.m., 0 views

UBUNTU-CVE-2017-16660

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remoteagent.php request containing PHP code in a Client-ip header...

7.2 CVSS, 7.3 AI score, 0.02642 EPSS
Exploits 1, References 3

OSV
added 2017/09/12 6:29 p.m., 2 views

CVE-2017-14346

upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file...

9.8 CVSS, 6.2 AI score
Exploits 0, References 1

CNVD
added 2017/07/24 12:0 a.m., 7 views

FineCms Remote Code Execution Vulnerability

FineCMS is a content management system (CMS) developed using MVC architecture and a PDO database interface. A remote code execution vulnerability exists in FineCms version 5.0.9. A remote attacker can exploit this vulnerability to execute arbitrary PHP code with the help of the 'param' function in th...

9.8 CVSS, 8.5 AI score, 0.01065 EPSS
Exploits 1, References 1

OSV
added 2017/04/07 4:59 a.m., 2 views

CVE-2017-7570

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension such as .jpg and then invoking the duplicate function to change to the .php extension...

8.8 CVSS, 7.7 AI score
Exploits 0, References 1