60 matches found
WordPress plugin WP JobSearch security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin My Account Page Editor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability in the WordPress plugin My...
WordPress plugin rtMedia security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
WordPress plugin Welcart e-Commerce security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CMS Made Simple Cross-Site Scripting Vulnerability
CMS Made Simple CMSMS is an open source content management system CMS by Cmsms team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS Made Simple...
WBCE CMS Cross-Site Scripting Vulnerability
WBCE CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in WBCE CMS version v.1.6.1, which stems from not validating uploaded files...
PT-2023-7523 · Aleos · Aleos
Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16 and earlier Description: The issue is related to the ACEManager component of the ALEOS operating system, which does not validate uploaded file names and types. This could potentially allow an authenticated user to perform...
Nokia NetAct 跨站脚本漏洞
Nokia NetAct is a network management system from the Finnish company Nokia. A security vulnerability exists in Nokia NetAct versions prior to 22 SP1037, which stems from the configuration tool's upload option not validating file contents. An attacker could exploit the vulnerability to perform...
WordPress plugin Membership For WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...
WordPress plugin Request a Quote 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress plugin nextgen-galery 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Church Management System SQL注入漏洞
Church Management System is a church management system. version 1.0 of Church Management System is vulnerable to a file upload vulnerability that results from a lack of validation of uploaded files by the application. An attacker could exploit this vulnerability to upload malicious files to...
IBM Sterling B2B Integrator 代码问题漏洞
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with different partner communities.A denial of service vulnerability exists in IBM Sterling B2B...
CVE-2021-43934
Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files...
Zenario CMS 代码问题漏洞
Zenario CMS is an open source application from Zenario. A file upload vulnerability exists in Zenario CMS version 9.0.54156, which stems from the application's lack of validation of uploaded files. An attacker could exploit the vulnerability to upload malicious files to remotely execute arbitrary...
Printable Staff Id Card Creator System 代码问题漏洞
Printable Staff Id Card Creator System is a small project by Patrick Mvuma personal developer. It is intended to be used by administrators of a company or organization to enroll new employees and create their ID cards and print them. Printable Staff ID Card Creator System has a code issue...
Baserow 代码问题漏洞
Baserow is an open source no-code database and Airtable replacement. A security vulnerability exists in Baserow versions prior to 1.1.0, which stems from the URL file upload feature of the software not validating and escaping parameters. This allowed a remote authenticated user to retrieve networ...
AikCms 代码问题漏洞
AikCms AikCms is a content management system CMS based on PHP and MySQL. A security vulnerability exists in AikCms version v2.0.0, which originates from uploaded files not validated in the background file management...
CVE-2019-12744
SeedDMS before 5.1.11 allows Remote Command Execution RCE because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940...
TikiWiki: Arbitrary command execution
Background TikiWiki is a web-based groupware and content management system CMS, using PHP, ADOdb and Smarty. Description TikiWiki lacks a check on uploaded images in the Wiki edit page. Impact A malicious user could run arbitrary commands on the server by uploading and calling a PHP script...