Code injection

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...

PT-2023-4770 · Unknown · Php-Fusion

Name of the Vulnerable Software and Affected Versions: PHPFusion affected versions not specified Description: The issue is related to insufficient sanitization of tainted file names that are directly concatenated with a path and subsequently passed to a require once statement. This allows arbitra...

Unrestricted File Upload

responsive-filemanager,is vulnerable to Unrestricted File Upload. The vulnerability exists due to a lack of file upload checks, which allows an attacker with a low-privileged account to upload and execute arbitrary php files...

CVE-2020-21861

File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload...

Remote Code Execution via File upload

Description In the theme settings function, any file can be uploaded without any filter, resulting in an arbitrary php file being uploaded. Proof of Concept POST /admin/theme/huraga HTTP/1.1 Host: localhost Content-Type: multipart/form-data;...

CVE-2020-20918

An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page...

Code injection

An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page...

Remote code execution

A Remote Code Execution RCE vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods...

CVE-2023-2017

Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...

CVE-2023-2017

Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...

PHAR deserialization allowing remote code execution

Description snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the fileexists function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitra...

CVE-2023-26038 ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...

Deserialization of untrusted data

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used t...

CVE-2023-26326

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used t...

CVE-2023-26326

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used t...

K55248799: phpLDAPAdmin vulnerabilities CVE-2005-2654, CVE-2005-2792, CVE-2005-2793, CVE-2006-2016, and CVE-2009-4427

Security Advisory Description CVE-2005-2654 phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disableanonbind is set, via an HTTP request to login.php with the anonymousbind parameter set. CVE-2005-2792 Directory traversal vulnerability in...

SUSE CVE-2016-6609

An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...

Deserialization of untrusted data

The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into...

CVE-2022-3568 ImageMagick Engine <= 1.7.5 - Cross-Site Request Forgery to PHAR Deserialization

The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'clipath' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into...

CVE-2021-24942 Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment...