66 matches found
CVE-2021-20187
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...
CVE-2025-0520
An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc: before 2.8.7...
PT-2025-18203
Name of the Vulnerable Software and Affected Versions ShowDoc versions prior to 2.8.7 Description An unrestricted file upload issue caused by improper validation of file extensions allows unauthenticated attackers to upload arbitrary PHP files, such as web shells, leading to remote code execution...
CVE-2025-2101 Edumall <= 4.2.4 - Unauthenticated Local File Inclusion
The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumalllazyloadtemplate' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the serve...
Exploit for Code Injection in Ispconfig
CVE-2023-46818 Python Exploit 🔥 Description This Python e...
CVE-2024-13408
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the pgcu shortcode. This makes it possible for authenticated attacker...
PT-2025-2161 · WordPress · Post Grid
Name of the Vulnerable Software and Affected Versions: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress versions up to, and including, 1.6.10 Description: The issue allows authenticated attackers, with Contributor-level access and...
CVE-2024-13295
CVE-2024-13295 affects Drupal Node export module for Drupal 7.X-* before 7.X-3.3. Root cause is deserialization of untrusted data, leading to object injection and potential arbitrary code execution. Affected software: Drupal Node export module (7.X-*, prior to 7.X-3.3). Impact per sources: possib...
CVE-2024-13265 Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029
Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion. This issue affects Opigno Learning path: from 0.0.0 before 3.1.2...
WordPress plugin WP Travel Engine security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-16281 · WordPress · Wpc Smart Messages
Name of the Vulnerable Software and Affected Versions: WPC Smart Messages for WooCommerce plugin for WordPress versions up to, and including, 4.2.1 Description: The issue allows authenticated attackers with Subscriber-level access and above to include and execute arbitrary files on the server via...
PT-2024-38986 · WordPress · Wordpress Post Grid Layouts With Pagination – Sogrid
Name of the Vulnerable Software and Affected Versions: WordPress Post Grid Layouts with Pagination – Sogrid plugin versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers with Administrator-level access and above to include and execute arbitrary files on the...
PT-2024-38890
Name of the Vulnerable Software and Affected Versions: Clean Login plugin for WordPress versions up to, and including, 1.14.5 Description: The Clean Login plugin for WordPress is vulnerable to Local File Inclusion via the template attribute of the clean-login-register shortcode. This allows...
PT-2024-36462 · WordPress · Wp Blog Post Layouts
Name of the Vulnerable Software and Affected Versions: WP Blog Post Layouts plugin for WordPress versions up to, and including, 1.1.3 Description: The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with...
CVE-2024-1382
The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the ndrstlayout attribute of the ndrstsearch shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and...
CVE-2023-44382 October CMS safe mode bypass using Twig sandbox escape
October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...
CVE-2023-4488
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi...
CVE-2023-26326
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used t...
PT-2022-15878 · WordPress · Vr Calendar
Name of the Vulnerable Software and Affected Versions: VR Calendar WordPress plugin versions prior to 2.3.3 Description: The issue allows any user to execute arbitrary PHP functions on the site. This can lead to unauthorized access and potential code execution. Recommendations: For versions prior...
EUVD-2015-3250
custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary PHP remote code execution...