CVE-2021-21804

A local file inclusion LFI vulnerability exists in the options.php script functionality of Advantech R-SeeNet v 2.4.12 20.10.2020. A specially crafted HTTP request can lead to arbitrary PHP code execution. An attacker can send a crafted HTTP request to trigger this vulnerability...

CVE-2021-27811

A code injection vulnerability has been discovered in the Upgrade function of QibosoftX1 v1.0. An attacker is able execute arbitrary PHP code via exploitation of clientupgradeedition.php and Upgrade.php...

CVE-2021-24537

The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment ie with DISALLOWFILEEDIT, DISALLOWFILEMODS and DISALLOWUNFILTEREDHTML set to true via the 'widgetrrmsimilarpostscondition' widget setting of the plugin...

CVE-2021-24546

The Gutenberg Block Editor Toolkit – EditorsKit WordPress plugin before 1.31.6 does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code...

CVE-2020-27387

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...

CVE-2020-19822

A remote code execution RCE vulnerability in templateuser.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters...

CVE-2020-25414

A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code...

CVE-2019-8908

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting - Mailbox configuration - Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header...

CVE-2019-17370

OTCMS v3.85 allows arbitrary PHP Code Execution because admin/sysCheckFiledeal.php blocks "into outfile" in a SELECT statement, but does not block the "into//outfile" manipulation. Therefore, the attacker can create a .php file...

CVE-2018-18892

MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the sitename field in mcconf.php...

CVE-2013-3629

ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution...

CVE-2013-0224

The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the FFmpeg transcoder, allows local users to execute arbitrary PHP code by modifying a temporary PHP file...

CVE-2010-3307

Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 body, 2 footer, 3 header, 4 menuleft, or 5 menuright parameter...

CVE-2016-10752

serendipitymoveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename...

CVE-2010-5040

PHP remote file inclusion vulnerability in nucleus/plugins/NPgallery.php in the NPGallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary PHP code via a URL in the DIRNUCLEUS parameter. NOTE: some of these details are obtained from third party information...

CVE-2010-4943

Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the classpath parameter to 1 file.php or 2 comdel.php...

CVE-2010-4939

PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter...

CVE-2017-11760

uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area...

CVE-2010-4558

phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification Trojan Horse in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code...

CVE-2012-1625

Eval injection vulnerability in the fillpdfformexportdecode function in fillpdf.admin.inc in the Fill PDF module 6.x-1.x before 6.x-1.16 and 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with administer PDFs privileges to execute arbitrary PHP code via unspecified vectors...