10 matches found

Zero Day Initiative
added 2023/09/19 12:0 a.m. · 16 views

SolarWinds Orion Platform UpdateAction Exposed Dangerous Method Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the UpdateAction method. The issue results from an exposed dangerous method. An...

CVSS 8.8 · AI score 7.5 · EPSS 0.00291
Exploits: 0 · References: 1

Positive Technologies
added 2023/09/13 12:0 a.m. · 4 views

PT-2023-7124 · SolarWinds · SolarWinds Orion Platform

Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform (affected versions not specified). Description: The issue is related to an incorrect comparison vulnerability in the UpdateAction method of the SolarWinds Orion Platform. This vulnerability can be exploited by a remote...

CVSS 8.3 · AI score 7.1 · EPSS 0.00291
Exploits: 0 · References: 8

OSV
added 2023/08/29 12:32 a.m. · 14 views

GHSA-J6MP-HX4G-P3GM Command injection in pagekit

An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php...

CVSS 7.8 · AI score 7.8 · EPSS 0.01046
Exploits: 1 · References: 2

GitHub Security Blog
added 2023/08/29 12:32 a.m. · 15 views

Command injection in pagekit

An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php...

CVSS 7.8 · AI score 8 · EPSS 0.01046
Exploits: 1 · References: 3 · Affected Software: 1

NVD
added 2023/08/28 10:15 p.m. · 7 views

CVE-2023-41005

An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php...

CVSS 7.8 · AI score 7.9 · EPSS 0.01046
Exploits: 1 · References: 1

ATTACKERKB
added 2023/08/28 10:15 p.m. · 2 views

CVE-2023-41005

An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php...

CVSS 7.8 · AI score 6.2 · EPSS 0.01046
Exploits: 1 · References: 2

Cvelist
added 2023/08/28 12:0 a.m. · 12 views

CVE-2023-41005

An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php...

AI score 8.1 · EPSS 0.01046
Exploits: 1 · References: 1

Veracode
added 2023/06/06 4:48 a.m. · 21 views

Privilege Escalation

pimcore/pimcore is vulnerable to Privilege Escalation. The vulnerability exists due to faulty logic in the updateAction function of UserController.php, which allows a low level user to elevate their privileges to an admin...

CVSS 8.8 · AI score 6.8 · EPSS 0.00009
Exploits: 1 · References: 3 · Affected Software: 1

CNVD
added 2021/02/02 12:0 a.m. · 7 views

CMSWing SQL Injection Vulnerability (CNVD-2021-09500)

CMSWing is a ThinkJS-based e-commerce platform and CMS builder. CMSWing 1.3.8 suffers from a SQL injection vulnerability. The vulnerability stems from the updateAction function not checking the detail parameter. An attacker can exploit this vulnerability to execute arbitrary SQL commands via...

CVSS 9.8 · AI score 8.3 · EPSS 0.00513
Exploits: 1 · References: 1

Prion
added 2021/02/01 6:15 p.m. · 16 views

SQL injection

An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands...

CVSS 7.5 · AI score 9.8 · EPSS 0.00513
Exploits: 1 · References: 1 · Affected Software: 1