EditorsKit < 1.31.6 - Contributor+ Arbitrary PHP Code Execution

The plugin does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code PoC As a contributor, create/edit a post and put the below code while in Code Editor mode: \n aa \n Save or Preview the...

EditorsKit < 1.31.6 - Contributor+ Arbitrary PHP Code Execution

The plugin does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code As a contributor, create/edit a post and put the below code while in Code Editor mode: \naa\n Save or Preview the page,...

CVE-2020-19822

A remote code execution RCE vulnerability in templateuser.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters...

Remote code execution

A remote code execution RCE vulnerability in templateuser.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters...

CVE-2020-19822

A remote code execution RCE vulnerability in templateuser.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters...

PT-2021-10414 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZCMS version 2018 Description: A remote code execution issue in the template user.php file allows attackers to execute arbitrary PHP code. This is achieved via the ml and title parameters. Recommendations: For ZZCMS version 2018, consider...

D-Link DIR-816 Command Execution Vulnerability (CNVD-2021-67516)

The D-Link DIR-816 is a wireless router from D-Link, Taiwan, China.The D-Link DIR-816 has a security vulnerability that could be exploited by attackers to execute arbitrary php code via the typename parameter...

Code injection

The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control...

CVE-2020-18917

The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control...

CVE-2021-39608

Remote Code Execution RCE vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code...

Remote code execution

Remote Code Execution RCE vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code...

CVE-2021-39608

Remote Code Execution RCE vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code...

Remote code execution

A remote code execution RCE in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file...

Code injection in topthink/think

A remote code execution RCE vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code...

CVE-2020-17952

A remote code execution RCE vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code...

CVE-2020-17952

A remote code execution RCE vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code...

Advantech R-SeeNet File Inclusion Vulnerability

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet suffers from a file inclusion vulnerability, which stems from the failure ...

Code injection

Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework before 1.2.2 wp-content/themes/elemin/themify/themify-ajax.php file...

CVE-2020-25414

A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code...

Remote file inclusion

A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code...