66 matches found

WPVulnDB
added 2021/10/11 12:0 a.m., 23 views

Similar Posts < 3.1.6 - Admin+ Arbitrary PHP Code Execution

The plugin allows high-privilege users to execute arbitrary PHP code in a hardened environment (i.e. with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widgetrrmsimilarpostscondition' widget setting of the plugin. Vendor was notified in July 2021, the issue was...

7.2 CVSS, 2.7 AI score, 0.01514 EPSS
Exploits: 2, Affected Software: 1
wpexploit
added 2021/10/11 12:0 a.m., 767 views

Similar Posts < 3.1.6 - Admin+ Arbitrary PHP Code Execution

The plugin allows high-privilege users to execute arbitrary PHP code in a hardened environment (i.e. with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFILTERED_HTML set to true) via the 'widgetrrmsimilarpostscondition' widget setting of the plugin. Vendor was notified in July 2021, the issue was...

7.2 CVSS, 1.3 AI score, 0.01514 EPSS
Exploits: 2
Redos
added 2021/09/08 12:0 a.m., 11 views

ROS-2-630

2.630 Multiple Vulnerabilities in Moodle 1. Vulnerability description: The vulnerability discovered allows a remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability allows a remote user to gain unauthorized access to other restricted features. Vulnerability allows a remote...

7.7 AI score
Exploits: 0
CNNVD
added 2021/07/06 12:0 a.m., 4 views

WordPress plugin path traversal vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports PHP and MySQL servers for setting up a personal blog site. WordPress Plugin is a WordPress open source application plugin. An authorization issue vulnerability exists in WordPress...

9.8 CVSS, 6 AI score, 0.02633 EPSS
Exploits: 2, References: 2
Prion
added 2019/02/21 9:29 p.m., 19 views

Design/Logic Flaw

Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...

6.8 CVSS, 8.2 AI score, 0.91919 EPSS
Exploits: 22, References: 6, Affected Software: 1
CVE
added 2017/03/30 7:0 a.m., 51 views

CVE-2017-7324

MODX Revolution 2.5.4-pl and earlier are affected by a remote code execution vulnerability in setup/templates/findcore.php, exploitable via the core_path parameter to run arbitrary PHP code. The issue is documented across multiple sources (NVD/CVE-2017-7324, CNVD, osv), indicating the vulnerable ...

9.8 CVSS, 9.8 AI score, 0.02145 EPSS
Exploits: 1, References: 2, Affected Software: 1
ArchLinux
added 2014/10/16 12:0 a.m., 64 views

drupal: pre-auth sql injection

Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the...

7.5 CVSS, 2.7 AI score, 0.99974 EPSS
Exploits: 20, References: 4
Tenable Nessus
added 2014/10/16 12:0 a.m., 159 views

Drupal Database Abstraction API SQLi

The remote web server is running a version of Drupal that is affected by a SQL injection vulnerability due to a flaw in the Drupal database abstraction API, which allows a remote attacker to use specially crafted requests that can result in arbitrary SQL execution. This may lead to privilege...

7.5 CVSS, 7.5 AI score, 0.99974 EPSS
Exploits: 20, References: 3
FreeBSD
added 2014/10/15 12:0 a.m., 55 views

drupal7 -- SQL injection

Drupal Security Team reports: Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution...

7.5 CVSS, 8 AI score, 0.99974 EPSS
Exploits: 20, References: 2
Drupal
added 2014/10/15 12:0 a.m., 774 views

SA-CORE-2014-005 - Drupal core - SQL injection

Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the...

7.5 CVSS, 7.6 AI score, 0.99974 EPSS
Exploits: 20, References: 14
Exploit DB
added 2014/10/14 12:0 a.m., 31 views

Croogo 2.0.0 - Arbitrary PHP Code Execution

#!/usr/bin/env python; Croogo 2.0.0 Arbitrary PHP Code Execution Exploit; Vendor: Fahad Ibnay Heylaal; Product web page: http://www.croogo.org ; Affected version: 2.0.0; Summary: Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered by CakePHP MV...

7.4 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 14 views

omegabill 1.0 build 6 - Multiple Vulnerabilities

No description provided by source. Source: http://packetstormsecurity.org/files/view/98480/OmegaBillv1.0Build6-php.txt Software: OmegaBill v1.0 Build 6; Vulnerability: Arbitrary PHP Execution...

7.1 AI score
Exploits: 0
Packet Storm
added 2011/05/19 12:0 a.m., 18 views

Aphpkb 0.95.4 PHP Execution

--PoC--...

7.4 AI score
Exploits: 0
0day.today
added 2011/02/16 12:0 a.m., 24 views

OmegaBill 1.0 Build 6 Multiple Vulnerabilities

Exploit for php platform in category web applications. Software: OmegaBill v1.0 Build 6; Vulnerability: Arbitrary PHP Execution; Download: http://sourceforge.net/projects/omegabill/ ; Release...

7.1 AI score
Exploits: 0
exploitpack
added 2011/02/15 12:0 a.m., 12 views

omegabill 1.0 build 6 - Multiple Vulnerabilities

omegabill 1.0 build 6 - Multiple Vulnerabilities. Source: http://packetstormsecurity.org/files/view/98480/OmegaBillv1.0Build6-php.txt Software: OmegaBill v1.0 Build 6; Vulnerability: Arbitrary PHP...

Exploits: 0
Exploit DB
added 2011/02/15 12:0 a.m., 19 views

omegabill 1.0 build 6 - Multiple Vulnerabilities

Source: http://packetstormsecurity.org/files/view/98480/OmegaBillv1.0Build6-php.txt Software: OmegaBill v1.0 Build 6; Vulnerability: Arbitrary PHP Execution...

7.4 AI score
Exploits: 0
Packet Storm
added 2011/02/15 12:0 a.m., 20 views

OmegaBill 1.0 Build 6 Arbitrary PHP Execution

Software: OmegaBill v1.0 Build 6; Vulnerability: Arbitrary PHP Execution; Download: http://sourceforge.net/projects/omegabill/ ; Release Date: 2/11/2011; Tested...

0.1 AI score
Exploits: 0
Tenable Nessus
added 2005/03/02 12:0 a.m., 26 views

GLSA-200503-04 : phpWebSite: Arbitrary PHP execution and path disclosure

The remote host is affected by the vulnerability described in GLSA-200503-04 phpWebSite: Arbitrary PHP execution and path disclosure NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable ...

7.5 CVSS, 6.3 AI score, 0.021 EPSS
Exploits: 1, References: 5
Gentoo Linux
added 2005/03/01 12:0 a.m., 30 views

phpWebSite: Arbitrary PHP execution and path disclosure

Background: phpWebSite provides a complete web site content management system. Description: NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure. Impact: A remote...

7.5 CVSS, 7.2 AI score, 0.021 EPSS
Exploits: 1
securityvulns
added 2004/11/13 12:0 a.m., 37 views

phpBB Code EXEC (v2.0.10)

http://www.howdark.com // Information...

1.1 AI score
Exploits: 0