CVE-2018-17826

HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types .jpg, .png, .gif, .jpe...

CVE-2018-17573

The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and...

CVE-2018-17364

CVE-2018-17364 affects OTCMS 3.61, where remote attackers can execute arbitrary PHP code via the accBackupDir parameter. Attack vector is network-based; exploitation details are not provided beyond the parameter abuse. Root cause: unvalidated/unsafe handling of accBackupDir allows code execution....

e107 < 2.1.9 Multiple Vulnerabilities

e107 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:e107:e107"; if description...

Monstra CMS Arbitrary PHP Code Execution Vulnerability (CNVD-2019-03475)

Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. An arbitrary PHP code execution vulnerability exists in Monstra CMS version 3.0.4, which stems from the...

CVE-2018-15886

Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=editsnippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a ?php substring...

Code injection

In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive...

CVE-2018-16320

idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file...

Directory traversal

Directory traversal in portal/importtemplate.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed...

CVE-2018-15139

Unrestricted file upload in interface/super/managesitefiles.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory...

CVE-2018-14399

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...

CVE-2018-14399

PHPCMS 9.6.0 is affected. The flaw exists in libs\classes\attachment.class.php and allows remote attackers to upload and execute arbitrary PHP code by sending a crafted .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data directed to index.php?m=member&c=index&...

CVE-2018-13038

OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type...

CVE-2018-13038

OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type...

Unrestricted file upload

OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type...

CVE-2018-13038

OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type...

Code injection

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen...

Web Servers PHPMyAdmin Remote Code Execution (CVE-2016-5734)

A remote code execution vulnerability exists in PHPMyAdmin. The vulnerability is caused due to incorrect choosing of delimiters to prevent use of the pregreplace function. Successful exploitation of this vulnerability will allow execution of arbitrary PHP code...

Custom Tokens - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-041

The Custom Tokens module enables you to create custom tokens for specific replacements that can improve other modules relying on the token API. The module doesn't sufficiently identify that its custom permissions are risky and should only be granted to highly trusted roles. This vulnerability is...

CVE-2018-11736

Pluck before 4.7.7-dev2 is affected by a remote code execution in /data/inc/images.php. An attacker can upload an image/jpeg/.htaccess file to execute arbitrary PHP code, leading to full compromise of affected hosts. The issue is mitigated by upgrading to Pluck 4.7.7-dev2 or applying the fixed re...