Lucene search

1624 matches found

Prion
added 2018/11/29 6:29 p.m. · 18 views

Design/Logic Flaw

An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type...

CVSS 7.5 · AI score 9.7 · EPSS 0.01521
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2018/11/22 12:00 a.m. · 2 views

PT-2018-14968 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP versions prior to 1.5.1. Description: The issue allows remote attackers to execute arbitrary PHP code by uploading an image with the image/jpeg content type to the "zb_system/admin/index.php?act=UploadMng" API endpoint. This requires...

CVSS 8.8 · AI score 9.1 · EPSS 0.02172
Exploits 0 · References 3
NVD
added 2018/11/21 9:29 p.m. · 17 views

CVE-2018-19422

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these...

CVSS 7.2 · AI score 7.3 · EPSS 0.65071
Exploits 10 · References 3
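
The three entries above share one root cause: the upload handler trusts something the client controls, either the multipart Content-Type (tp5cms, Z-BlogPHP) or a file-extension deny-list that a server-side .htaccess must keep complete (Subrion omitted .pht and .phar). The following is an added example, not code from any of those projects, showing the trusting check beside a hardened one; the function names, the target directory and the allow-list are assumptions for illustration.

```php
<?php
// Added example, not code from tp5cms, Z-BlogPHP or Subrion: an upload check
// that trusts the client, next to one that does not. Function names, the
// target directory and the allow-list are assumptions for illustration.

// Vulnerable: $_FILES[...]['type'] is the Content-Type the client sent in the
// multipart body, and the original file name (with its .php) is kept.
function accept_image_vulnerable(array $file, string $dir): ?string
{
    if (!in_array($file['type'], ['image/jpeg', 'image/png'], true)) {
        return null;                                  // "image/jpeg" on a .php passes
    }
    $dest = rtrim($dir, '/') . '/' . basename($file['name']);
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

// Hardened: type from the bytes, extension from an allow-list keyed by that
// type, name from random_bytes(). Nothing the client sent reaches the path.
const IMAGE_EXT_FOR_MIME = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const IMAGE_MAX_BYTES = 5 * 1024 * 1024;   // assumed limit

function accept_image_hardened(array $file, string $dir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])
        || filesize($file['tmp_name']) > IMAGE_MAX_BYTES) {
        return null;
    }

    // 1. Sniff the content. $file['type'] is never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(IMAGE_EXT_FOR_MIME[$mime])) {
        return null;
    }

    // 2. Require that the image decoder accepts the file and agrees with the
    //    sniffed type. A PHP script with a pasted-on JPEG magic number fails
    //    here; a real JPEG with PHP in a comment does not, which is why
    //    steps 3 and 4 exist.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || image_type_to_mime_type($info[2]) !== $mime) {
        return null;
    }

    // 3. Fixed extension chosen by the server. ".php.jpg", ".pht", ".phar",
    //    and a deny-list that forgot one of them, cannot occur.
    $name = bin2hex(random_bytes(16)) . '.' . IMAGE_EXT_FOR_MIME[$mime];
    $dest = rtrim($dir, '/') . '/' . $name;

    // 4. The directory must have no script handler (see the note below);
    //    mode 0644 keeps the file from being made executable later.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644);
    return $dest;
}
```

Two caveats a reviewer should keep in mind. finfo and getimagesize() only prove the bytes start like an image: a well-formed JPEG with `<?php` in an EXIF comment still passes both, so the server-chosen name with a fixed extension and a storage directory in which the web server runs no script handler (outside the document root, or an Apache directory with `php_admin_flag engine off`, or an nginx location with no fastcgi_pass) are the controls that actually prevent execution. And an extension allow-list beats a deny-list precisely because of the Subrion case: every alias the server maps to PHP (.php, .phtml, .pht, .phar, .php5, ...) has to be remembered by a deny-list, and none has to be by an allow-list.
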
ripstech
added 2018/11/20 8:00 a.m. · 112 views

phpBB 3.2.3: Phar Deserialization to RCE

Impact: phpBB is one of the oldest and most popular pieces of board software. If an attacker aims to take over a board running phpBB3, he will usually attempt to gain access to the admin control panel by means of bruteforcing, phishing or XSS vulnerabilities in plugins that the target site has installed. Bu...

AI score 7.3
Exploits 0
Prion
added 2018/11/11 5:29 p.m. · 19 views

Code injection

statics/app/index/controller/Install.php in YUNUCMS 1.1.5, if install.lock is not present, allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DBPREFIX field, which is written to database.php...

CVSS 7.5 · AI score 9.7 · EPSS 0.01508
Exploits 1 · References 1 · Affected Software 1
Prion
added 2018/11/07 5:29 a.m. · 12 views

Code injection

PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL generallogfile" statement, followed by a SELECT statement containing this PHP code...

CVSS 6.5 · AI score 7.4 · EPSS 0.01437
Exploits 1 · References 1 · Affected Software 1
CNVD
added 2018/11/07 12:00 a.m. · 3 views

PbootCMS Arbitrary PHP Code Execution Vulnerability

PbootCMS is an open-source enterprise website-building system, built on a new core, developed by Avantech. An arbitrary PHP code execution vulnerability exists in PbootCMS 1.2.2. A remote attacker can exploit this vulnerability by specifying a .php file name in a "SET GLOBAL generallogfile" statement and a subsequen...

CVSS 7.2 · AI score 7.7 · EPSS 0.01437
Exploits 1 · References 1
Prion
added 2018/11/05 9:29 a.m. · 14 views

Cross site request forgery (csrf)

An issue was discovered in PopojiCMS v2.0.1. admincomponent.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code that is extracted and can be executed. This can also be exploited via CSRF...

CVSS 7.5 · AI score 9.5 · EPSS 0.00812
Exploits 1 · References 1 · Affected Software 1
OSV
added 2018/11/05 9:29 a.m. · 14 views

CVE-2018-18934

An issue was discovered in PopojiCMS v2.0.1. admincomponent.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code that is extracted and can be executed. This can also be exploited via CSRF...

CVSS 9.8 · AI score 7.2
Exploits 0 · References 2
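
The two PopojiCMS entries above describe an uploaded archive being unpacked verbatim into a web-served directory, so any .php member becomes a reachable script. The following is an added example, not PopojiCMS code, of unpacking such an archive defensively: every member is checked for path traversal, against an extension allow-list and against a size cap before a byte is written. The constants, exception types and directory layout are assumptions for illustration.

```php
<?php
// Added example, not PopojiCMS code: unpack an uploaded component archive
// member by member instead of handing it to ZipArchive::extractTo().
// The allow-list, caps and directory names are assumptions.

const ENTRY_EXT_ALLOWED = ['css', 'js', 'png', 'jpg', 'jpeg', 'gif', 'svg', 'json', 'txt', 'html', 'md'];
const ENTRY_MAX_BYTES   = 2 * 1024 * 1024;   // per-member cap, also bounds zip-bomb damage
const ENTRY_MAX_COUNT   = 500;

/**
 * Extracts $zipPath into $destDir and returns the paths written.
 * Any member that could end in code execution or path traversal aborts the
 * whole install with an exception; nothing is silently skipped.
 */
function extract_component_zip(string $zipPath, string $destDir): array
{
    $destReal = realpath($destDir);
    if ($destReal === false || !is_dir($destReal)) {
        throw new RuntimeException('destination directory does not exist');
    }
    $zip = new ZipArchive();
    if ($zip->open($zipPath, ZipArchive::CHECKCONS) !== true) {
        throw new RuntimeException('not a valid zip archive');
    }
    if ($zip->numFiles > ENTRY_MAX_COUNT) {
        throw new RuntimeException('too many members in archive');
    }

    $written = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name  = str_replace('\\', '/', $zip->getNameIndex($i));
        $isDir = substr($name, -1) === '/';
        $parts = explode('/', rtrim($name, '/'));

        // 1. No absolute paths, no "..", no empty or "." segments:
        //    "../../index.php" and "/etc/cron.d/x" both die here.
        foreach ($parts as $seg) {
            if ($seg === '' || $seg === '.' || $seg === '..') {
                throw new RuntimeException("unsafe path in archive: $name");
            }
        }
        $target = $destReal . '/' . implode('/', $parts);

        if ($isDir) {
            if (!is_dir($target) && !mkdir($target, 0755, true)) {
                throw new RuntimeException("cannot create $target");
            }
            continue;
        }

        // 2. Extension allow-list, case-insensitive. ".php", ".phtml", ".phar",
        //    ".htaccess" and extension-less names all fail. A deny-list would
        //    have to enumerate every handler the web server maps to PHP.
        $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
        if (!in_array($ext, ENTRY_EXT_ALLOWED, true)) {
            throw new RuntimeException("disallowed file type in archive: $name");
        }

        // 3. Size cap read from the central directory before inflating.
        $stat = $zip->statIndex($i);
        if ($stat === false || $stat['size'] > ENTRY_MAX_BYTES) {
            throw new RuntimeException("member too large: $name");
        }

        // 4. After creating the parent, confirm it still resolves inside the
        //    destination: catches a symlink planted by an earlier member.
        $parent = dirname($target);
        if (!is_dir($parent) && !mkdir($parent, 0755, true)) {
            throw new RuntimeException("cannot create $parent");
        }
        if (strpos(realpath($parent) . '/', $destReal . '/') !== 0) {
            throw new RuntimeException("member escapes destination: $name");
        }

        $data = $zip->getFromIndex($i);
        if ($data === false || file_put_contents($target, $data) === false) {
            throw new RuntimeException("cannot write $name");
        }
        chmod($target, 0644);
        $written[] = $target;
    }
    $zip->close();
    return $written;
}
```

ZipArchive::extractTo() is avoided on purpose: it writes every member under whatever name the archive gives it, so the checks above would have to run afterwards, when the .php file already exists in the document root. Because both entries note the endpoint is also reachable via CSRF, the upload form needs a per-session anti-CSRF token on top of this; sanitising the archive does nothing for a request the administrator's own browser was tricked into sending.
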
OSV
added 2018/11/01 1:29 a.m. · 25 views

CVE-2018-18892

MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the sitename field in mcconf.php...

CVSS 9.8 · AI score 7.4
Exploits 0 · References 2
Prion
added 2018/10/30 6:29 a.m. · 12 views

Code injection

uploadtemplate in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file...

CVSS 7.5 · AI score 9.6 · EPSS 0.01577
Exploits 1 · References 1 · Affected Software 1
Prion
added 2018/10/30 6:29 a.m. · 10 views

Cross site request forgery (csrf)

CSRF exists in zb_users/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 Zero, which allows remote attackers to execute arbitrary PHP code...

CVSS 6.8 · AI score 9 · EPSS 0.00815
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2018/10/30 6:00 a.m. · 27 views

CVE-2018-18835

uploadtemplate in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file...

AI score 9.7 · EPSS 0.01577
Exploits 1 · References 1
CNVD
added 2018/10/29 12:00 a.m. · 1 view

Code Execution Vulnerability in X6CMS_V2.2

X6CMS (full name: Xiaoliu Website Content Management System) is a marketing website management platform built on PHP and MySQL. A code execution vulnerability exists in X6CMS V2.2. An attacker can write arbitrary PHP code to gain server privileges...

AI score 7.8
Exploits 0
Prion
added 2018/10/17 4:29 a.m. · 21 views

Code injection

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...

CVSS 9 · AI score 8.8 · EPSS 0.02446
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2018/10/08 4:00 p.m. · 22 views

CVE-2018-17440

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. It exposes an FTP server that listens by default on port 9000 and has the hardcoded credentials admin/admin. Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any...

AI score 9.8 · EPSS 0.3689
Exploits 5 · References 4
Cvelist
added 2018/10/08 4:00 p.m. · 24 views

CVE-2018-17442

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code...

AI score 9.3 · EPSS 0.14219
Exploits 5 · References 4
CVE
added 2018/10/08 4:00 p.m. · 77 views

CVE-2018-17440

D-Link Central WiFi Manager (before 1.03r0100-Beta1) is vulnerable to remote code execution via an FTP service listening on port 9000 that uses hardcoded admin/admin credentials. An unauthenticated attacker can upload a PHP file to the web root and access it to execute arbitrary code. Core Securi...

CVSS 9.8 · AI score 9.7 · EPSS 0.3689
Exploits 5 · References 4 · Affected Software 1
NVD
added 2018/10/01 8:29 a.m. · 23 views

CVE-2018-17827

HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php...

CVSS 7.2 · AI score 7.4 · EPSS 0.01437
Exploits 1 · References 1
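
YUNUCMS (DBPREFIX written to database.php), MiniCMS (sitename written to mcconf.php) and HisiPHP (a plugin name written to app/admin/model/AdminPlugins.php) are the same bug: a user-supplied string is interpolated into PHP source that the application later includes. The following is an added example, not code from any of the three, showing that writer beside one that cannot be broken out of. The file names, the prefix rule, the payload shape in the comment and the PHP 7.3+ requirement (for JSON_THROW_ON_ERROR) are assumptions for illustration.

```php
<?php
// Added example, not code from YUNUCMS, MiniCMS or HisiPHP: a config writer
// that interpolates user input into PHP source, next to one that serializes
// it. File names and the validation rule are assumptions.

// Vulnerable: the value lands inside single quotes in a file PHP will later
// include. A DBPREFIX or sitename such as   x'.system($_GET['c']).'   closes
// the quote, and the generated file runs that call on every request.
function write_config_vulnerable(string $path, string $prefix, string $sitename): void
{
    $php = "<?php\nreturn [\n"
         . "    'db_prefix' => '$prefix',\n"
         . "    'sitename'  => '$sitename',\n"
         . "];\n";
    file_put_contents($path, $php);
}

// Hardened: shape-validate what has a shape, let var_export() quote the rest,
// verify the result round-trips, and move it into place atomically.
function write_config_hardened(string $path, string $prefix, string $sitename): void
{
    // A table prefix has a known alphabet; reject anything else outright.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9_]{0,15}$/', $prefix)) {
        throw new InvalidArgumentException('table prefix must match [A-Za-z][A-Za-z0-9_]{0,15}');
    }
    // Free text (a site name, a plugin name) has no alphabet to check, so it
    // is serialized, never interpolated: var_export() emits a single-quoted
    // literal with \ and ' escaped, whatever the input contains.
    $config = ['db_prefix' => $prefix, 'sitename' => $sitename];
    $php = "<?php\nreturn " . var_export($config, true) . ";\n";

    // Write to a temp file, prove it loads back to the same array, then rename.
    $tmp = $path . '.' . bin2hex(random_bytes(8)) . '.tmp';
    if (file_put_contents($tmp, $php, LOCK_EX) === false) {
        throw new RuntimeException("cannot write $tmp");
    }
    $loaded = include $tmp;            // data only: var_export output has no calls
    if ($loaded !== $config) {
        unlink($tmp);
        throw new RuntimeException('generated config did not round-trip');
    }
    if (!rename($tmp, $path)) {
        unlink($tmp);
        throw new RuntimeException("cannot move config into place at $path");
    }
}

// Better still for values that never need to be code: keep them out of PHP
// syntax altogether. A JSON file cannot be executed whatever it contains.
function write_config_json(string $path, array $config): void
{
    $json = json_encode($config, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES | JSON_THROW_ON_ERROR);
    if (file_put_contents($path, $json . "\n", LOCK_EX) === false) {
        throw new RuntimeException("cannot write $path");
    }
}
```

var_export() is the key: for any string it emits a single-quoted literal with backslash and quote escaped, so there is no character the caller can use to leave the literal, which is also why the round-trip include is safe. Two surrounding controls still matter. YUNUCMS shows the writer being reachable because install.lock was missing, so an installer must refuse to run once it has been locked, not merely skip the lock check when the file is absent. HisiPHP shows the value arriving from an authenticated admin form, which is why a CSRF that adds an administrator (the next entry) ends in code execution.
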
Prion
added 2018/10/01 8:29 a.m. · 14 views

Cross site request forgery (csrf)

HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types .jpg, .png, .gif, .jpe...

CVSS 6.8 · AI score 9 · EPSS 0.00494
Exploits 1 · References 1 · Affected Software 1