CVE-2026-1443

A flaw has been found in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminDeleteUser.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published an...

CVE-2021-47819

CVE-2021-47819 affects ProjeQtOr Project Management 9.1.4. A file upload vulnerability in the profile attachment feature allows guest users to upload PHP files, enabling arbitrary code execution by accessing the uploaded file with a crafted request parameter. Metrics indicate critical impact on c...

CVE-2025-67084

File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arbitrary PHP files into attachments, which can later be executed remotely, leading to Remote Code Execution RCE...

CVE-2022-50893

VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution vulnerability in the image upload functionality. Attackers can upload a malicious PHP file through the addgalleryimage.php endpoint to execute arbitrary code on the server...

EUVD-2026-1959

A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txtusername leads to sql injection. Remote exploitation of the attack is possible. The exploit is...

CVE-2021-47736 CMSimple_XH 1.7.4 Authenticated Remote Code Execution via Content Editing

CMSimpleXH 1.7.4 contains an authenticated remote code execution vulnerability in the content editing functionality that allows administrative users to upload malicious PHP files. Attackers with valid credentials can exploit the CSRF token mechanism to create a PHP shell file that enables arbitra...

CVE-2023-53957 Kimai 1.30.10 SameSite Cookie Vulnerability Session Hijacking

Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session...

PT-2025-52527

Name of the Vulnerable Software and Affected Versions Kimai version 1.30.10 Description Kimai version 1.30.10 has a SameSite cookie flaw that allows attackers to steal user session cookies. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie...

CVE-2023-53871

CVE-2023-53871 pertains to Soosyze 2.0.0 and describes an unrestricted file upload vulnerability due to a broken upload mechanism. The affected software is the Soosyze CMS (PHP) version 2.0.0, with the vulnerability allowing an attacker to upload arbitrary HTML files containing embedded PHP code....

PT-2025-51289

Name of the Vulnerable Software and Affected Versions Soosyze version 2.0.0 Description The application has a file upload issue that permits attackers to upload arbitrary HTML files containing PHP code. This broken file upload mechanism could allow attackers to view sensitive file paths and execu...

EUVD-2024-55336

ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...

PT-2025-50749

ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...

CVE-2024-58282

CVE-2024-58282 affects Serendipity 2.5.0 via remote code execution through authenticated media uploads. The root cause is improper handling of uploaded PHP files, enabling an authenticated administrator to upload a PHP shell that executes arbitrary commands on the server. Public references note t...

CVE-2024-58282 Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload

Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables...

CVE-2025-67532 WordPress Hara theme <= 1.2.17 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in thembay Hara hara allows PHP Local File Inclusion.This issue affects Hara: from n/a through = 1.2.17...

EUVD-2025-199635

An issue in the cmsrest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file...

EUVD-2025-197814

QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the upload of executable PHP files. Once uploaded, the file can be accessed through the "View Attachment" option,...

CVE-2025-63678

An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted PHP file...

ClipBucket 安全漏洞

ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A security vulnerability exists in ClipBucket version v.5.5.2 Build90, which stems from improper handling of the file parameter in filedownloader.php, which could lead ...

CVE-2025-51968

A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions...