
66 matches found

RedhatCVE
added 2025/05/22 6:16 p.m. · 7 views

CVE-2021-20187

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentication...

7.2 CVSS · 7.4 AI score · 0.01572 EPSS
Exploits 0 · References 1
OSV
added 2025/04/29 8:15 p.m. · 9 views

CVE-2025-0520

An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. This issue affects ShowDoc: before 2.8.7...

9.4 CVSS · 7.6 AI score
Exploits 0 · References 4
Positive Technologies
added 2025/04/29 12:0 a.m. · 9 views

PT-2025-18203

Name of the Vulnerable Software and Affected Versions: ShowDoc versions prior to 2.8.7 Description: An unrestricted file upload issue caused by improper validation of file extensions allows unauthenticated attackers to upload arbitrary PHP files, such as web shells, leading to remote code execution...

9.4 CVSS · 6.5 AI score · 0.00976 EPSS
Exploits 0 · References 83
Vulnrichment
added 2025/04/26 8:23 a.m. · 4 views

CVE-2025-2101 Edumall <= 4.2.4 - Unauthenticated Local File Inclusion

The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumalllazyloadtemplate' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the serve...

8.1 CVSS · 8.5 AI score · 0.00736 EPSS
Exploits 0 · References 2
GithubExploit
added 2025/04/13 7:12 p.m. · 411 views

Exploit for Code Injection in Ispconfig

CVE-2023-46818 Python Exploit 🔥 Description This Python e...

7.2 CVSS · 7.2 AI score · 0.13894 EPSS
Exploits 14
OSV
added 2025/01/24 11:15 a.m. · 4 views

CVE-2024-13408

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the pgcu shortcode. This makes it possible for authenticated attacker...

8.8 CVSS · 7.8 AI score
Exploits 0 · References 2
Positive Technologies
added 2025/01/24 12:0 a.m. · 6 views

PT-2025-2161 · WordPress · Post Grid

Name of the Vulnerable Software and Affected Versions: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress versions up to, and including, 1.6.10 Description: The issue allows authenticated attackers, with Contributor-level access and...

8.8 CVSS · 8.1 AI score · 0.00582 EPSS
Exploits 0 · References 10
CVE
added 2025/01/09 8:18 p.m. · 63 views

CVE-2024-13295

CVE-2024-13295 affects Drupal Node export module for Drupal 7.X-* before 7.X-3.3. Root cause is deserialization of untrusted data, leading to object injection and potential arbitrary code execution. Affected software: Drupal Node export module (7.X-*, prior to 7.X-3.3). Impact per sources: possib...

6.6 CVSS · 7.2 AI score · 0.00392 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2025/01/09 7:16 p.m. · 8 views

CVE-2024-13265 Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029

Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion. This issue affects Opigno Learning path: from 0.0.0 before 3.1.2...

7.2 AI score · 0.00537 EPSS
Exploits 0 · References 1
CNNVD
added 2024/12/25 12:0 a.m. · 3 views

WordPress plugin WP Travel Engine security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

8.8 CVSS · 8.3 AI score · 0.00752 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/10/29 12:0 a.m. · 11 views

PT-2024-16281 · WordPress · Wpc Smart Messages

Name of the Vulnerable Software and Affected Versions: WPC Smart Messages for WooCommerce plugin for WordPress versions up to, and including, 4.2.1 Description: The issue allows authenticated attackers with Subscriber-level access and above to include and execute arbitrary files on the server via...

8.8 CVSS · 7.9 AI score · 0.00725 EPSS
Exploits 0 · References 8
Positive Technologies
added 2024/10/26 12:0 a.m. · 6 views

PT-2024-38986 · WordPress · Wordpress Post Grid Layouts With Pagination – Sogrid

Name of the Vulnerable Software and Affected Versions: WordPress Post Grid Layouts with Pagination – Sogrid plugin versions up to, and including, 1.5.2 Description: The issue allows authenticated attackers with Administrator-level access and above to include and execute arbitrary files on the...

7.2 CVSS · 7.5 AI score · 0.00665 EPSS
Exploits 0 · References 6
Positive Technologies
added 2024/08/30 12:0 a.m. · 9 views

PT-2024-38890

Name of the Vulnerable Software and Affected Versions: Clean Login plugin for WordPress versions up to, and including, 1.14.5 Description: The Clean Login plugin for WordPress is vulnerable to Local File Inclusion via the template attribute of the clean-login-register shortcode. This allows...

8.8 CVSS · 6.5 AI score · 0.03034 EPSS
Exploits 0 · References 15
Positive Technologies
added 2024/06/20 12:0 a.m. · 6 views

PT-2024-36462 · WordPress · Wp Blog Post Layouts

Name of the Vulnerable Software and Affected Versions: WP Blog Post Layouts plugin for WordPress versions up to, and including, 1.1.3 Description: The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with...

8.8 CVSS · 8.1 AI score · 0.00822 EPSS
Exploits 0 · References 14
OSV
added 2024/03/07 9:15 a.m. · 2 views

CVE-2024-1382

The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the ndrstlayout attribute of the ndrstsearch shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and...

8.8 CVSS · 7.8 AI score · 0.0088 EPSS
Exploits 0 · References 3
Cvelist
added 2023/12/01 9:48 p.m. · 26 views

CVE-2023-44382 October CMS safe mode bypass using Twig sandbox escape

October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...

9.1 CVSS · 9.6 AI score · 0.00873 EPSS
Exploits 0 · References 1
OSV
added 2023/10/20 7:15 a.m. · 2 views

CVE-2023-4488

The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi...

9.8 CVSS · 7.8 AI score · 0.00995 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/02/23 12:0 a.m. · 11 views

CVE-2023-26326

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used t...

9.6 AI score · 0.03824 EPSS
Exploits 5 · References 1
Positive Technologies
added 2022/08/15 12:0 a.m. · 6 views

PT-2022-15878 · WordPress · Vr Calendar

Name of the Vulnerable Software and Affected Versions: VR Calendar WordPress plugin versions prior to 2.3.3 Description: The issue allows any user to execute arbitrary PHP functions on the site. This can lead to unauthorized access and potential code execution. Recommendations: For versions prior...

9.8 CVSS · 9.7 AI score · 0.12442 EPSS
Exploits 2 · References 4
EUVD
added 2022/07/06 7:3 p.m. · 3 views

EUVD-2015-3250

custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary PHP remote code execution...

7.2 CVSS · 7.5 AI score · 0.03214 EPSS
Exploits 1 · References 3