1622 matches found

NVD
added 2020/10/02 1:15 p.m., 7 views

CVE-2020-18184

In PluxXml V5.7, the theme edit function /PluXml/core/admin/parametresedittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

7.2 CVSS, 0.00611 EPSS
Exploits: 1, References: 1
OSV
added 2020/10/02 1:15 p.m., 9 views

CVE-2020-18184

In PluxXml V5.7, the theme edit function /PluXml/core/admin/parametresedittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

7.2 CVSS, 7.9 AI score
Exploits: 0, References: 1
Prion
added 2020/10/02 1:15 p.m., 12 views

Code injection

In PluxXml V5.7, the theme edit function /PluXml/core/admin/parametresedittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

6.5 CVSS, 7.3 AI score, 0.00611 EPSS
Exploits: 1, References: 1, Affected Software: 1
UbuntuCve
added 2020/10/02 1:15 p.m., 16 views

CVE-2020-18184

In PluxXml V5.7, the theme edit function /PluXml/core/admin/parametresedittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

7.2 CVSS, 7.2 AI score, 0.00611 EPSS
Exploits: 1, References: 2
WPVulnDB
added 2020/09/21 12:0 a.m., 25 views

Drag and Drop Multiple File Upload – Contact Form 7 < 1.3.5.5 - Unauthenticated Remote Code Execution

The Drag and Drop Multiple File Upload – Contact Form 7 WordPress plugin was vulnerable to Remote Code Execution via file upload. The plugin used a blacklist of dangerous file extensions that it did not allow to be uploaded, however, the extensions .phar and .phpt were not within the blacklist,...

2.4 AI score
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2020/09/19 8:31 p.m., 71 views

CVE-2020-25790

Summary: CVE-2020-25790 affects Typesetter CMS 5.x through 5.1. A ZIP upload feature allows an admin to place a PHP file inside the archive and, after extraction, execute the code, leading to arbitrary code execution. Root cause: uploaded ZIP contents can be executed via the web interface, confli...

7.2 CVSS, 7.3 AI score, 0.42219 EPSS
Exploits: 3, References: 4, Affected Software: 1
Cvelist
added 2020/09/19 8:31 p.m., 11 views

CVE-2020-25790

Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being...

7.4 AI score, 0.42219 EPSS
Exploits: 3, References: 4
Zero Science Lab
added 2020/09/19 12:0 a.m., 191 views

B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution

Summary Intelligent digital signage made easy. To go beyond the possibilities offered, b-swiss allows you to create the communication solution for your specific needs and your graphic charter. You benefit from our experience and know-how in the realization of your digital signage project...

6.2 AI score
Exploits: 0
Tenable Nessus
added 2020/09/14 12:0 a.m., 9 views

Fedora 32 : drupal8 (2020-a064e7dd38)

https://www.drupal.org/project/drupal/releases/8.9.5 - https://www.drupal.org/project/drupal/releases/8.9.4 - https://www.drupal.org/project/drupal/releases/8.9.3 - https://www.drupal.org/project/drupal/releases/8.9.2 - https://www.drupal.org/project/drupal/releases/8.9.1 - Drupal core - Critical...

6.2 AI score
Exploits: 0, References: 2
NVD
added 2020/09/09 4:15 p.m., 17 views

CVE-2020-25213

The File Manager wp-file-manager plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or mkfile and p...

10 CVSS, 0.94411 EPSS
Exploits: 13, References: 10
ATTACKERKB
added 2020/09/09 12:0 a.m., 105 views

CVE-2020-25213

The File Manager wp-file-manager plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or mkfile and p...

10 CVSS, 4.3 AI score, 0.94411 EPSS
In wild, Exploits: 13, References: 14
NVD
added 2020/07/14 8:15 p.m., 10 views

CVE-2020-11546

SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection...

9.8 CVSS, 0.93241 EPSS
Exploits: 1, References: 1
Cvelist
added 2020/07/14 7:16 p.m., 9 views

CVE-2020-11546

SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. An unauthenticated remote attacker can exploit this behavior to execute arbitrary PHP code via Code Injection...

10 AI score, 0.93241 EPSS
Exploits: 1, References: 1
Tenable Nessus
added 2020/06/26 12:0 a.m., 38 views

Drupal 8.8.x < 8.8.8 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.72, 8.8.x prior to 8.8.8, 8.9.x prior to 8.9.1 or 9.0.x prior to 9.0.1. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Request Forgery CSRF due to...

9.8 CVSS, 9.7 AI score, 0.01962 EPSS
Exploits: 0, References: 7
OpenVAS
added 2020/06/19 12:0 a.m., 28 views

Drupal 8.x, 9.x Multiple Vulnerabilities (SA-CORE-2020-005, SA-CORE-2020-006) - Linux

Drupal is prone to multiple vulnerabilities.

9.8 CVSS, 9.3 AI score, 0.01962 EPSS
Exploits: 0, References: 2
OpenVAS
added 2020/06/19 12:0 a.m., 24 views

Drupal 8.x, 9.x Multiple Vulnerabilities (SA-CORE-2020-005, SA-CORE-2020-006) - Windows

Drupal is prone to multiple vulnerabilities.

9.8 CVSS, 9.3 AI score, 0.01962 EPSS
Exploits: 0, References: 2
NVD
added 2020/05/22 5:15 a.m., 14 views

CVE-2020-13384

Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048...

8.8 CVSS, 8.9 AI score, 0.0074 EPSS
Exploits: 1, References: 1
Cvelist
added 2020/05/22 4:45 a.m., 18 views

CVE-2020-13384

Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048...

8.9 AI score, 0.0074 EPSS
Exploits: 1, References: 1
CVE
added 2020/05/07 1:7 p.m., 35 views

CVE-2019-18869

CVE-2019-18869 affects Blaauw Remote Kiln Control (v3.00r4); leftover debug code in default.php?idx=17 allows arbitrary PHP code execution. Root cause: debug artifacts accessible via web interface, enabling full control over the PHP process. Public descriptions across Red Hat/EUVD/CNVD/NVD family...

9.8 CVSS, 9.6 AI score, 0.00433 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2020/05/07 1:7 p.m., 8 views

CVE-2019-18869

Leftover Debug Code in Blaauw Remote Kiln Control through v3.00r4 allows a user to execute arbitrary php code via /default.php?idx=17...

9.8 AI score, 0.00433 EPSS
Exploits: 1, References: 1