66 matches found
Similar Posts < 3.1.6 - Admin+ Arbitrary PHP Code Execution
The plugin allow high privilege users to execute arbitrary PHP code in an hardened environment ie with DISALLOWFILEEDIT, DISALLOWFILEMODS and DISALLOWUNFILTEREDHTML set to true via the 'widgetrrmsimilarpostscondition' widget setting of the plugin. Vendor was notified in July 2021, the issue was...
Similar Posts < 3.1.6 - Admin+ Arbitrary PHP Code Execution
The plugin allow high privilege users to execute arbitrary PHP code in an hardened environment ie with DISALLOWFILEEDIT, DISALLOWFILEMODS and DISALLOWUNFILTEREDHTML set to true via the 'widgetrrmsimilarpostscondition' widget setting of the plugin. Vendor was notified in July 2021, the issue was...
ROS-2-630
2.630 Multiple Vulnerabilities in Moodle 1. Vulnerability description: The vulnerability discovered allows a remote attacker to perform cross-site scripting XSS attacks. The vulnerability allows a remote user to gain unauthorized access to other restricted features. Vulnerability allows a remote...
WordPress 插件路径遍历漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . An authorization issue vulnerability exists in WordPress...
Design/Logic Flaw
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...
CVE-2017-7324
MODX Revolution 2.5.4-pl and earlier are affected by a remote code execution vulnerability in setup/templates/findcore.php, exploitable via the core_path parameter to run arbitrary PHP code. The issue is documented across multiple sources (NVD/CVE-2017-7324, CNVD, osv), indicating the vulnerable ...
drupal: pre-auth sql injection
Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the...
Drupal Database Abstraction API SQLi
The remote web server is running a version of Drupal that is affected by a SQL injection vulnerability due to a flaw in the Drupal database abstraction API, which allows a remote attacker to use specially crafted requests that can result in arbitrary SQL execution. This may lead to privilege...
drupal7 -- SQL injection
Drupal Security Team reports: Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution...
SA-CORE-2014-005 - Drupal core - SQL injection
Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the...
Croogo 2.0.0 - Arbitrary PHP Code Execution
!/usr/bin/env python Croogo 2.0.0 Arbitrary PHP Code Execution Exploit Vendor: Fahad Ibnay Heylaal Product web page: http://www.croogo.org Affected version: 2.0.0 Summary: Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered by CakePHP MV...
omegabill 1.0 build 6 - Multiple Vulnerabilities
No description provided by source. Source: http://packetstormsecurity.org/files/view/98480/OmegaBillv1.0Build6-php.txt ------------------------------------------------------------------------ Software................OmegaBill v1.0 Build 6 Vulnerability...........Arbitrary PHP Execution...
Aphpkb 0.95.4 PHP Execution
------------------------------------------------------------------------ --PoC--...
OmegaBill 1.0 Build 6 Multiple Vulnerabilities
Exploit for php platform in category web applications ------------------------------------------------------------------------ Software................OmegaBill v1.0 Build 6 Vulnerability...........Arbitrary PHP Execution Download................http://sourceforge.net/projects/omegabill/ Release...
omegabill 1.0 build 6 - Multiple Vulnerabilities
omegabill 1.0 build 6 - Multiple Vulnerabilities Source: http://packetstormsecurity.org/files/view/98480/OmegaBillv1.0Build6-php.txt ------------------------------------------------------------------------ Software................OmegaBill v1.0 Build 6 Vulnerability...........Arbitrary PHP...
omegabill 1.0 build 6 - Multiple Vulnerabilities
Source: http://packetstormsecurity.org/files/view/98480/OmegaBillv1.0Build6-php.txt ------------------------------------------------------------------------ Software................OmegaBill v1.0 Build 6 Vulnerability...........Arbitrary PHP Execution...
OmegaBill 1.0 Build 6 Arbitrary PHP Execution
------------------------------------------------------------------------ Software................OmegaBill v1.0 Build 6 Vulnerability...........Arbitrary PHP Execution Download................http://sourceforge.net/projects/omegabill/ Release Date............2/11/2011 Tested...
GLSA-200503-04 : phpWebSite: Arbitrary PHP execution and path disclosure
The remote host is affected by the vulnerability described in GLSA-200503-04 phpWebSite: Arbitrary PHP execution and path disclosure NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable ...
phpWebSite: Arbitrary PHP execution and path disclosure
Background phpWebSite provides a complete web site content management system. Description NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure. Impact A remote...
phpBB Code EXEC (v2.0.10)
| | | | | | | | || | | | | | | | | |/ / / / | | | / | '| |/ / | | | | V V / | |/ / | | | | | |// // |/ ,|| || http://www.howdark.com ---------------------------------------------------------------------------------------------------------------------------------- // Information...