195 matches found
PT-2023-7576 · Unknown · Sticky Notes App Using Php With Source Code
Name of the Vulnerable Software and Affected Versions: Sticky Notes App Using PHP with Source Code version 1.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability can be exploited by a remote attacker to gain access to confidential information...
CVE-2023-46793
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database...
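The entry above describes the usual shape of this bug: a request parameter is spliced into SQL text without validation. The following is an added example, not code from the Online Matrimonial Project; the table and column names (`members`, `dob_day`) and the function names are hypothetical, and it uses an in-memory SQLite database so it runs without a MySQL server. It shows the vulnerable interpolation beside the hardened version, which validates the value's type and range and then binds it as a parameter.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical schema and names): a 'day' registration parameter
// handled the vulnerable way and the hardened way.

function open_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); // real server-side parameters where the driver supports them
    $db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT NOT NULL, dob_day INTEGER NOT NULL)');
    return $db;
}

// VULNERABLE: the request value goes straight into the SQL string.
function vulnerable_register(PDO $db, array $post): void
{
    $name = $post['name'];
    $day  = $post['day'];
    $db->exec("INSERT INTO members (name, dob_day) VALUES ('$name', '$day')");
}

// HARDENED: reject anything that is not a day of the month, then use a bound parameter.
function hardened_register(PDO $db, array $post): void
{
    $day = filter_var($post['day'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 31]]);
    if ($day === false) {
        throw new InvalidArgumentException('day must be an integer between 1 and 31');
    }
    $name = trim((string) ($post['name'] ?? ''));
    if ($name === '' || strlen($name) > 64) {
        throw new InvalidArgumentException('name must be 1-64 characters');
    }
    $stmt = $db->prepare('INSERT INTO members (name, dob_day) VALUES (:name, :day)');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':day', $day, PDO::PARAM_INT);
    $stmt->execute();
}

function member_count(PDO $db): int
{
    return (int) $db->query('SELECT COUNT(*) FROM members')->fetchColumn();
}

if (PHP_SAPI === 'cli') {
    // Constructed payload: closes the VALUES list, appends a second statement, comments out the rest.
    $attack = ['name' => 'mallory', 'day' => "5'); DELETE FROM members; --"];

    $db = open_db();
    hardened_register($db, ['name' => 'alice', 'day' => '12']);
    vulnerable_register($db, $attack);          // stacked statement runs: table emptied
    printf("vulnerable path: %d members left\n", member_count($db));

    $db = open_db();
    hardened_register($db, ['name' => 'alice', 'day' => '12']);
    try {
        hardened_register($db, $attack);        // rejected before any SQL is built
    } catch (InvalidArgumentException $e) {
        printf("hardened path: rejected (%s)\n", $e->getMessage());
    }
    printf("hardened path: %d members left\n", member_count($db));
}
```

Binding alone would already defeat the payload; the range check is there because a day-of-month column has no legitimate non-integer values, and rejecting bad input early keeps the garbage out of the database as well as out of the query.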
qdPM Code Issues Vulnerabilities
qdPM is a web-based open source project management tool. qdPM version 9.2 contains a remote code execution vulnerability: an attacker can upload a .php file to the /uploads URI via the Add Attachments function and execute remote...
CVE-2023-33253
LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file, such as shell.jpg.php.shell, being...
CSZ CMS Code Issue Vulnerability
CSZ CMS is an open source PHP-based content management system (CMS). A security vulnerability exists in CSKaza CSZ CMS version 1.2.2, which allows attackers to execute arbitrary commands and code via a crafted PHP file...
laravel-admin Code Issue Vulnerability
z-song laravel-admin is an administrative interface builder for the Laravel web development framework. A security vulnerability exists in laravel-admin v1.8.19, which stems from an arbitrary file upload vulnerability that can be exploited by an attacker to execute arbitrary code...
PT-2023-19069 · Erohtar · Dasherr
Name of the Vulnerable Software and Affected Versions: erohtar/Dasherr versions prior to 1.05.00 Description: The issue allows any unauthenticated user to execute arbitrary code on the server due to unrestricted file upload. The file /www/include/filesave.php enables uploading files to anywhere o...
yahoo YUI2 Cross-Site Scripting Vulnerability
YUI is an open source JavaScript and CSS library from the YUI Library project. yahoo YUI2 has a cross-site scripting vulnerability that originates from the files up.php, sam.php, renderhidden.php, removechildren.php, removeall.php, readd.php, overflow.php, newnode2.php, newnod...
CVE-2022-39179
College Management System v1.0 - Authenticated remote code execution. An admin user (whose authentication can be bypassed using the SQL Injection mentioned in my other report) can upload a .php file that contains malicious code via the student.php file...
CVE-2022-43146
An arbitrary file upload vulnerability in the image upload function of Canteen Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-26747 · Unknown · Restaurant Pos System
Name of the Vulnerable Software and Affected Versions: Restaurant POS System version 1.0 Description: The issue is related to an arbitrary file upload vulnerability in the add product.php file, which allows attackers to execute arbitrary code via a crafted PHP file. This can be achieved by...
PT-2022-22819 · Ucms · Ucms
Name of the Vulnerable Software and Affected Versions: UCMS version 1.6 Description: The issue allows for arbitrary file upload via the ucms/sadmin/file PHP file. Recommendations: For version 1.6, consider restricting access to the ucms/sadmin/file PHP file to minimize the risk of exploitation...
CVE-2022-34025
Vesta v1.0.0-5 was discovered to contain a cross-site scripting XSS vulnerability via the post function at /web/api/v1/upload/UploadHandler.php...
CVE-2022-27140
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...
CVE-2022-23880
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-0440
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high-privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog, i.e. with DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS...
Xerte Code Issue Vulnerability
Xerte is an open source software from The Xerte Project community in the UK. Xerte is vulnerable to a code issue where a maliciously crafted php file can be uploaded via a project interface disguised as a language file to bypass upload filters. An attacker could exploit the vulnerability to...
CVE-2021-40909
Cross site scripting XSS vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the firstname, lastname, and email parameters to /ajaxcrud...
ProjectWorlds Online Shopping System Cross-Site Request Forgery Vulnerability
Projectworlds Online Shopping System is an online shopping system from the Austrian company Projectworlds. A security vulnerability exists in Projectworlds Online Shopping System PHP 1.0, which stems from a CSRF vulnerability in...
RGCMS Code Issue Vulnerability
RGCMS is a web CMS. v1.06 of RGCMS contains a security vulnerability that can be exploited by attackers to execute arbitrary code via a crafted .txt file, which will later be changed to a PHP file...
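Most entries on this page (LabCollector, Dasherr, Canteen Management System, Restaurant POS, taoCMS, Xerte, RGCMS, laravel-admin, CSZ CMS) are the same bug: an upload handler that checks too little of the filename, trusts the client's Content-Type, keeps the original name, and writes into the web root. The block below is an added example and is not code from any of those projects; `vulnerable_save_upload()`, `hardened_save_upload()`, `hardened_rename()` and the directory arguments are hypothetical names. It shows why a "block the last extension" check lets a name like shell.jpg.php.shell through, and how the hardened variant also covers the RGCMS-style case where an accepted .txt is renamed to .php afterwards.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical names): a PHP upload handler in the vulnerable style
// described above, beside a hardened one.

// ---- Vulnerable pattern ----
function vulnerable_save_upload(array $file, string $webrootUploads): string
{
    // Blacklists only the final extension and trusts the client-supplied MIME type.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext === 'php' || strpos((string) $file['type'], 'image/') !== 0) {
        throw new RuntimeException('upload rejected');
    }
    // Original name kept, stored under the web root. shell.jpg.php.shell passes the check
    // above; on Apache with mod_php and "AddHandler ... .php", mod_mime maps every
    // extension segment, so the ".php" in the middle is enough for it to be executed.
    $dest = $webrootUploads . '/' . basename($file['name']);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    return $dest;
}

// ---- Hardened pattern ----
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

/** Every dot-separated segment after the base name must be allow-listed; returns the final extension. */
function validate_upload_name(string $name): string
{
    $segments = explode('.', strtolower(basename($name)));
    if (count($segments) < 2 || $segments[0] === '') {
        // no extension at all, or a dotfile such as .htaccess / .user.ini
        throw new RuntimeException("filename rejected: $name");
    }
    array_shift($segments);
    foreach ($segments as $seg) {
        if (!isset(ALLOWED_TYPES[$seg])) {
            throw new RuntimeException("filename rejected, extension segment '$seg': $name");
        }
    }
    return end($segments);
}

function hardened_save_upload(array $file, string $privateUploads): string
{
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    $ext = validate_upload_name($file['name']);
    // Sniff the stored bytes; $file['type'] is whatever the client chose to send.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }
    // Server-chosen random name, stored outside the web root (or in a directory where
    // the PHP handler is disabled) and served back through a download script, not by path.
    $dest = $privateUploads . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    return $dest;
}

/** Rename / "change file type" features must apply the same rule to the target name,
 *  otherwise a .txt accepted at upload time becomes x.php one request later. */
function hardened_rename(string $privateUploads, string $from, string $to): void
{
    validate_upload_name($to);
    $src = $privateUploads . '/' . basename($from);
    $dst = $privateUploads . '/' . basename($to);
    if (!rename($src, $dst)) {
        throw new RuntimeException('rename failed');
    }
}

// Stand-alone check of the filename rule: php upload_example.php
if (PHP_SAPI === 'cli') {
    // Constructed sample names, including the LabCollector-style double extension.
    foreach (['avatar.png', 'shell.jpg.php.shell', 'shell.php.jpg', 'x.phtml', '.htaccess', 'note.txt'] as $n) {
        try {
            printf("%-22s accepted as .%s\n", $n, validate_upload_name($n));
        } catch (RuntimeException $e) {
            printf("%-22s %s\n", $n, $e->getMessage());
        }
    }
}
```

The allow-list on every segment is what does the work: it rejects .phtml, .phar and .htaccess without needing a blacklist that tracks each server's handler configuration. Content sniffing and the random name are defence in depth; the location outside the web root is what removes the "upload equals execute" property even if a check is later weakened.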