15 matches found
CVE-2020-37169
CVE-2020-37169 affects WordPress plugin Ultimate Member version 2.1.3. It exposes a local file inclusion flaw in class-admin-upgrade.php via the pack parameter, allowing authenticated attackers to include arbitrary PHP files from the packages directory and execute code. The CVSS data indicates a ...
CVE-2020-37169 WordPress Plugin ultimate-member 2.1.3 Local File Inclusion
WordPress Plugin ultimate-member 2.1.3 contains a local file inclusion vulnerability that allows authenticated attackers to include arbitrary files by manipulating the pack parameter in class-admin-upgrade.php. Attackers can send POST requests with malicious pack values to include unintended PHP...
WordPress plugin ultimate-member Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Resource Injection
Overview Affected versions of this package are vulnerable to Resource Injection via the logDetailCat function in the Execution Log Handler. An attacker can access unauthorized resources by obtaining a valid logId and sending requests directly to logDetailCat endpoint. Remediation Upgrade...
📄 YOURLS 1.8.2 SQL Injection
Proof of concept for a remote SQL injection vulnerability in YOURLS version 1.8.2. | Title : YOURLS 1.8.2 SQL Injection & System Compromise in Administrati...
EUVD-2024-1599
Malicious code in bioql PyPI...
CVE-2022-46166
Spring Boot Admin is an open source administrative user interface for managing Spring Boot applications. All users who run Spring Boot Admin Server with Notifiers enabled (e.g. the Teams Notifier) and with write access to environment variables via the UI are affected. Users are advised to upgrade to th...
Operation on a Resource after Expiration or Release
Overview Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release due to the password reset functionality. An attacker can accept an invitation for an unlimited amount of time by exploiting the lack of validation for the pending invitation's expiry...
CVE-2024-25414
An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code by uploading a crafted Zip file...
CSZ CMS Security Vulnerability
CSZ CMS is a PHP-based open source content management system (CMS). A security vulnerability exists in CSZ CMS v1.3.0, stemming from an arbitrary file upload flaw in the /admin/upgrade component...
PT-2024-20929 · Csz Cms · Csz Cms
Name of the Vulnerable Software and Affected Versions: CSZ CMS version 1.3.0 Description: The issue is an arbitrary file upload vulnerability in the /admin/upgrade component, which allows attackers to execute arbitrary code by uploading a crafted Zip file. This vulnerability can be exploited by...
CVE-2022-23904
Rainworx AuctionWorx 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade their account to admin and gain access to the AuctionWorx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition...
h1-ctf: h1-ctf writeup, finally paid the payments by chaining multiple bugs
Summary: The ultimate aim is to pay HackerOne's payments using BountyPay, starting with no user privileges. Given scope is: .bountypay.h1ctf.com Enumerated subdomains are: 1. www.bountypay.h1ctf.com 2. app.bountypay.h1ctf.com 3. staff.bountypay.h1ctf.com 4. api.bountypay.h1ctf.com 5...
WordPress Ultimate-Member 2.1.3 Local File Inclusion
Title : WordPress Plugin ultimate-member 2.1.3 - Local File Inclusion - Author : mehran feizi - Category : Webapps - Date : 2020-02-11 - vendor home page: https://wordpress.org/plugins/ultimate-member/ Vulnerable Page: /class-admin-upgrade.php Vulnerable Source: 354: if(empty($_POST['pack'])) else 356:...
EUVD-2010-4319
Directory traversal vulnerability in admin/upgradeunattended.php in MantisBT before 1.2.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dbtype parameter, related to an unsafe call by MantisBT to a function in the ADOdb Library for PHP...
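The Ultimate Member entries above (the pack parameter reaching an include in class-admin-upgrade.php) and the MantisBT entry (a .. sequence in the dbtype parameter) describe the same defect: a request parameter becomes part of a PHP include path. The script below is an added example, not code from Ultimate Member, MantisBT or any other project listed on this page. It reproduces that pattern in a hypothetical "load package" handler next to a hardened version; the function names, the packages directory layout and the sample package file are assumptions made for illustration.

```php
<?php
// Added example (not code from Ultimate Member, MantisBT or any other project
// listed above): a hypothetical admin "upgrade" handler that builds an include
// path from a request parameter, shown beside a hardened version.
declare(strict_types=1);

// Vulnerable pattern: the parameter is trusted as a path component. Any
// readable .php file, including ones outside the packages directory reached
// through "../" sequences, ends up executed by the interpreter.
function load_pack_vulnerable(string $packages_dir, string $pack): void
{
    include $packages_dir . '/' . $pack . '.php';
}

// Hardened: accept only a narrow identifier syntax, canonicalise the path,
// and confirm it is still inside the packages directory before including it.
function resolve_pack_safe(string $packages_dir, string $pack): ?string
{
    // Identifier allowlist: no slashes, dots or NUL bytes can get through.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $pack)) {
        return null;
    }
    $base   = realpath($packages_dir);
    $target = realpath($packages_dir . '/' . $pack . '.php');
    // realpath() returns false for paths that do not exist.
    if ($base === false || $target === false) {
        return null;
    }
    // Containment check (defence in depth behind the regex): the canonical
    // target must start with the canonical base directory plus a separator.
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $target;
}

function load_pack_safe(string $packages_dir, string $pack): bool
{
    $target = resolve_pack_safe($packages_dir, $pack);
    if ($target === null) {
        return false;
    }
    include $target;
    return true;
}

// --- Demonstration with constructed files in a temporary directory --------
$tmp      = sys_get_temp_dir();
$packages = $tmp . '/packages_' . bin2hex(random_bytes(4));
$outside  = $tmp . '/outside_' . bin2hex(random_bytes(4)) . '.php';
mkdir($packages);
file_put_contents($packages . '/2_1_3.php', '<?php echo "  [legit package 2_1_3 loaded]\n";');
file_put_contents($outside, '<?php echo "  [file OUTSIDE the packages dir executed]\n";');

$inputs = [
    '2_1_3',                              // the package name the handler expects
    '../' . basename($outside, '.php'),   // traversal, as in the dbtype case
    'does_not_exist',                     // a package that is not present
];

echo "Vulnerable handler:\n";
foreach ($inputs as $pack) {
    echo '  pack=' . var_export($pack, true) . "\n";
    @load_pack_vulnerable($packages, $pack);   // warning for the missing file suppressed
}

echo "Hardened handler:\n";
foreach ($inputs as $pack) {
    $ok = load_pack_safe($packages, $pack);
    echo '  pack=' . var_export($pack, true) . ' -> ' . ($ok ? 'included' : 'rejected') . "\n";
}

// Cleanup of the constructed files.
unlink($packages . '/2_1_3.php');
unlink($outside);
rmdir($packages);
```

Run it with `php lfi_example.php`: the vulnerable handler executes the file planted outside the packages directory when given the traversal value, while the hardened handler rejects both the traversal value and the nonexistent name and includes only the expected package. In a real WordPress admin action you would also gate the request with a capability check (current_user_can()) and a nonce check (check_admin_referer()), but because the reported issue is reachable by authenticated users, those checks supplement rather than replace the allowlist and the containment check.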