169 matches found
CVE-2021-47734
CVE-2021-47734 affects CMSimple 5.4 and is described as an authenticated local file inclusion vulnerability that can lead to remote code execution by manipulating PHP session files. The root cause cited in connected sources is improper handling of template/function include paths, enabling an atta...
CMSimple Security Vulnerability
CMSimple is a free content management system. CMSimple suffers from a file inclusion vulnerability that stems from improper handling of template/function include paths, which allows the application to include local files without securely restricting and validating the file paths. An attacker can...
PT-2025-52834
Name of the Vulnerable Software and Affected Versions: CMSimple version 5.4. Description: CMSimple version 5.4 contains a flaw that allows attackers to manipulate PHP session files and potentially execute arbitrary code. This is possible through an authenticated local file inclusion, where attackers...
Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization
Summary: An unsafe deserialization vulnerability in Scapy Internally, this triggers (python, main.py): SESSION = pickle.load(gzip.open(session_name, "rb")). Since no validation or restriction is performed on the deserialized object, any code embedded via __reduce__ will be executed immediately. This makes it...
GHSA-CQ46-M9X9-J8W2 Scapy Session Loading Vulnerable to Arbitrary Code Execution via Untrusted Pickle Deserialization
Summary: An unsafe deserialization vulnerability in Scapy Internally, this triggers (python, main.py): SESSION = pickle.load(gzip.open(session_name, "rb")). Since no validation or restriction is performed on the deserialized object, any code embedded via __reduce__ will be executed immediately. This makes it...
EUVD-2006-6579
Malware in sbrugna...
EUVD-2019-5914
Malware in sbrugna...
EUVD-2008-5724
Malware in sbrugna...
EUVD-2002-1047
Malware in sbrugna...
EUVD-2019-7961
Malware in sbrugna...
EUVD-2020-15915
Malware in sbrugna...
EUVD-2018-13424
Malware in sbrugna...
EUVD-2019-6247
Malware in sbrugna...
EUVD-2025-25474
Malicious code in bioql PyPI...
CVE-2025-9307
A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument sesssion causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
CVE-2025-9307
The CVE refers to PHPGurukul Online Course Registration 3.1 with a SQL injection in the /admin/session.php file, through manipulation of the sesssion argument. This vulnerability is exploitable remotely, and published exploits exist. Multiple sources (NVD, Red Hat, CNVD, CNNVD, CVE List) confirm ...
CVE-2025-9307 PHPGurukul Online Course Registration session.php sql injection
A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument sesssion causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
Remote Code Execution (RCE)
bolt/bolt is vulnerable to remote code execution (RCE). The vulnerability is due to unsanitized rendering of user-controlled input (PHP code injection in the displayname field) in backend templates, followed by abuse of session file manipulation endpoints which allows an attacker to create a web shel...
Student Record System session.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter session in the file /session.php. An attacker can exploit this vulnerability to execute...