194 matches found
PT-2025-34810 · Unknown · Badaso Cms
Name of the Vulnerable Software and Affected Versions: Badaso CMS version 2.9.11 Description: The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the...
CVE-2025-52130
File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution RC...
CVE-2025-46099
In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter...
WordPress plugin CMSMasters Content Composer Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A file inclusion vulnerability exists in the WordPress CMSMasters Content Composer plugin that stems from not doing effective filtering of local file resource calls, which can b...
MIKO MikoPBX Security Vulnerability
MIKO MikoPBX is an open source graphical user interface from MIKO. A security vulnerability exists in MIKO MikoPBX version 2024.1.114 and earlier, which stems from allowing PHP scripts to be uploaded to arbitrary directories...
Dairy Farm Shop Management System /add-company.php File SQL Injection Vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter companyname in the file...
WordPress plugin Yozi Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
SUSE CVE-2024-2756
Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...
CMSimple Security Vulnerability
CMSimple is a free content management system from CMSimple open source. A security vulnerability exists in CMSimple version 5.16, which allows remote attackers to download PHP backup files via a carefully crafted script and thereby obtain sensitive information...
PT-2024-21656 · Unknown · Soplanning
Name of the Vulnerable Software and Affected Versions: SO Planning versions prior to 1.52.02 Description: A Remote Code Execution RCE vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP file that will be available for...
Online ID Generator 1.0 Cross Site Request Forgery
| Title : Online ID Generator 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits | ...
Online Survey System 1.0 Cross Site Request Forgery
| Title : Online Survey System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits |...
Loan Management System 1.0 Cross Site Request Forgery
| Title : Loan Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...
Employees Pay Slip PDF Generator System 1.0 Cross Site Request Forgery
| Title : Employees Pay Slip PDF Generator System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefo...
PT-2024-12118 · Softexpert · Softexpert Excellence Suite
Name of the Vulnerable Software and Affected Versions: Softexpert Excellence Suite version 2.1 Description: A file upload issue allows attackers to execute arbitrary code by uploading a .php file to the "form/efms exec html/file upload parser.php" endpoint. Recommendations: For Softexpert...
flusity CMS Security Vulnerability
flusity CMS is a user interactive interface solution where code can be easily changed or added. A security vulnerability exists in flusity CMS version v.2.33, which stems from issues that allow remote attackers to execute arbitrary code via the addpost.php component...
Huashi Private Cloud CDN Live Streaming Acceleration Server Security Vulnerability
Huashi Private Cloud CDN Live Streaming Acceleration Server is a live streaming acceleration service from China Huashi. A security vulnerability exists in Huashi Private Cloud CDN Live Streaming Acceleration Server hgateway-sixport version v.1.1.2, which originates from a vulnerability that allow...
PT-2023-32429 · WordPress · Rtmedia
Name of the Vulnerable Software and Affected Versions: rtMedia for WordPress, BuddyPress and bbPress WordPress plugin versions prior to 4.6.16 Description: The issue concerns the rtMedia plugin's failure to validate uploaded files, potentially allowing attackers with low-privilege accounts to...
CVE-2023-48381
Softnext Mail SQR Expert is an email management platform; it has a Local File Inclusion LFI vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP files with an .asp file extension under specific system paths, to access and modify...
CVE-2023-48965
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to obtain a shell by providing a crafted URL to download a malicious PHP file...