
240 matches found

OSV
added 2019/03/15 3:29 a.m., 4 views

CVE-2019-9829

Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/defaultpc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates...

CVSS 8.8, AI score 7.6, EPSS 0.02035
Exploits: 1, References: 1

CNVD
added 2019/02/11 12:0 a.m., 1 view

Metinfo Competitive Conditions Vulnerability

MetInfo is a content management system (CMS) developed by China Mito MetInfo using PHP and MySQL. A race condition vulnerability exists in MetInfo. An attacker can exploit this vulnerability by means of a race condition in the backend database backup function via admin / index.php?n =...

CVSS 8.1, AI score 7.9, EPSS 0.01013
Exploits: 1, References: 1

CNVD
added 2019/01/03 12:0 a.m., 0 views

SugarCRM (SaveDropDown) PHP Code Injection Vulnerability

SugarCRM is an open source customer relationship management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. A PHP code...

AI score 7.8
Exploits: 0, References: 1

CNVD
added 2018/12/20 12:0 a.m., 6 views

Empire CMS Arbitrary PHP Code Execution Vulnerability

EmpireCMS is a free content management system (CMS). A security vulnerability exists in EmpireCMS version 7.5. The vulnerability can be exploited by remote attackers to execute arbitrary PHP code via the 'ftemp' parameter on the enews=EditMemberForm page...

CVSS 9.8, AI score 7.8, EPSS 0.01577
Exploits: 1, References: 1

Prion
added 2018/11/13 3:29 p.m., 19 views

Code injection

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828...

CVSS 6.5, AI score 8.2, EPSS 0.01594
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2018/11/13 3:29 p.m., 15 views

CVE-2018-1808

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828...

CVSS 8.8, AI score 5.8, EPSS 0.01594
Exploits: 0, References: 3

CVE
added 2018/11/13 3:0 p.m., 40 views

CVE-2018-1808

CVE-2018-1808 affects IBM WebSphere Commerce versions 9.0.0.0 through 9.0.0.6, where inadequate input control could allow server-side code injection. The trusted sources in the provided documents identify the impact as server-side code injection, with the NVD listing CVSS3 base score 8.8 (HIGH) a...

CVSS 8.8, AI score 8.4, EPSS 0.01594
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2018/11/13 3:0 p.m., 18 views

CVE-2018-1808

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828...

CVSS 4.3, AI score 8.5, EPSS 0.01594
Exploits: 0, References: 3

OSV
added 2018/10/17 4:29 a.m., 1 view

CVE-2018-18426

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...

CVSS 8.8, AI score 6.1
Exploits: 0, References: 2

OSV
added 2018/10/16 7:29 a.m., 2 views

CVE-2018-18382

Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" aka user/edit-profile action...

CVSS 8.8, AI score 5.9, EPSS 0.02695
Exploits: 1, References: 1

CNVD
added 2018/09/25 12:0 a.m., 2 views

OTCMS Arbitrary PHP Code Execution Vulnerability

OTCMS is an article-based web content management system (CMS). A security vulnerability exists in OTCMS version 3.61. The vulnerability can be exploited by remote attackers to execute arbitrary PHP code via the 'accBackupDir' parameter...

CVSS 8.1, AI score 8.5, EPSS 0.00879
Exploits: 1, References: 1

OSV
added 2018/09/17 3:29 p.m., 2 views

CVE-2016-9045

A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...

CVSS 8.8, AI score 6.2, EPSS 0.02211
Exploits: 2, References: 1

CNVD
added 2018/08/14 12:0 a.m., 2 views

OpenEMR Unrestricted File Upload Vulnerability

OpenEMR is medical practice management software that also supports electronic medical records (EMR). An unrestricted file upload vulnerability exists in interface/super/managesitefiles.php in versions of OpenEMR prior to 5.0.1.4, which can be exploited by a remote attacker who uploads a PHP file...

CVSS 8.8, AI score 9.4, EPSS 0.19274
Exploits: 7, References: 1

CNVD
added 2018/06/11 12:0 a.m., 1 view

WordPress Booking Calendar Plugin Local File Inclusion Vulnerability

WordPress is a blogging platform developed in the PHP language by the WordPress Software Foundation, which supports the hosting of personal blogging sites on servers running PHP and MySQL. Booking Calendar is one of the booking systems for making online reservations and checking the...

AI score 7
Exploits: 0, References: 1

CNVD
added 2018/05/16 12:0 a.m., 2 views

SiteBridge Joruri Gw Arbitrary File Upload Vulnerability

SiteBridge Joruri Gw is a group assignment software from SiteBridge Japan. An arbitrary file upload vulnerability exists in SiteBridge Joruri Gw 3.2.0 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary PHP code...

CVSS 8.8, AI score 7.6, EPSS 0.01721
Exploits: 0, References: 1

CNVD
added 2018/04/08 12:0 a.m., 2 views

GxlcmsQY update function arbitrary PHP code execution vulnerability

GxlcmsQY is a quick website CMS tailored for business users. An arbitrary PHP code execution vulnerability exists in the update function in LibLibActionAdminTplAction.class.php in Gxlcms QY v1.0.0713. A remote attacker can exploit this vulnerability by placing code in a template to execute...

CVSS 9.8, AI score 8.1, EPSS 0.01577
Exploits: 1, References: 1

CNVD
added 2018/03/30 12:0 a.m., 7 views

PrestaShop Responsive Mega Menu Pro Module Code Execution Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. The solution provides a variety of payment methods, short message alerts, product image zoom and other features. Responsive Mega Menu Horizontal + Vertical + Dropdown Pro is a responsive menu module used in it. A...

CVSS 9.8, AI score 7.7, EPSS 0.51572
Exploits: 1, References: 1

OSV
added 2018/03/14 4:29 p.m., 2 views

CVE-2018-5782

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...

CVSS 9.8, AI score 6, EPSS 0.19715
Exploits: 4, References: 3

OSV
added 2017/11/20 7:29 p.m., 4 views

CVE-2017-16903

LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php...

CVSS 9.8, AI score 5.8, EPSS 0.02049
Exploits: 1, References: 1

OSV
added 2017/11/17 5:29 a.m., 2 views

CVE-2017-1000160

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...

CVSS 5.4, AI score 5.7, EPSS 0.00511
Exploits: 0, References: 1