Code injection

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...

CVE-2018-17440

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials admin, admin. Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any...

CVE-2018-17442

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code...

CVE-2018-17440

D-Link Central WiFi Manager (before 1.03r0100-Beta1) is vulnerable to remote code execution via an FTP service listening on port 9000 that uses hardcoded admin/admin credentials. An unauthenticated attacker can upload a PHP file to the web root and access it to execute arbitrary code. Core Securi...

CVE-2018-17827

HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php...

Cross site request forgery (csrf)

HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types .jpg, .png, .gif, .jpe...

CVE-2018-17826

HisiPHP 1.0.8 allows CSRF via admin.php/admin/user/adduser.html to add an administrator account. The attacker can then use that account to execute arbitrary PHP code by leveraging app/common/model/AdminAnnex.php to add .php to the default list of allowable file-upload types .jpg, .png, .gif, .jpe...

CVE-2018-17573

The Wp-Insert plugin through 2.4.2 for WordPress allows upload of arbitrary PHP code because of the exposure and configuration of FCKeditor under fckeditor/editor/filemanager/browser/default/browser.html, fckeditor/editor/filemanager/connectors/test.html, and...

CVE-2018-17364

CVE-2018-17364 affects OTCMS 3.61, where remote attackers can execute arbitrary PHP code via the accBackupDir parameter. Attack vector is network-based; exploitation details are not provided beyond the parameter abuse. Root cause: unvalidated/unsafe handling of accBackupDir allows code execution....

e107 < 2.1.9 Multiple Vulnerabilities

e107 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:e107:e107"; if description...

Monstra CMS Arbitrary PHP Code Execution Vulnerability (CNVD-2019-03475)

Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. An arbitrary PHP code execution vulnerability exists in Monstra CMS version 3.0.4, which stems from the...

CVE-2018-15886

Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=editsnippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a ?php substring...

Code injection

In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive...

CVE-2018-16320

idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file...

CVE-2018-15139

Unrestricted file upload in interface/super/managesitefiles.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory...

Directory traversal

Directory traversal in portal/importtemplate.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the "docid" and "content" parameters and accessing it in the traversed...

CVE-2018-14399

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...

CVE-2018-14399

PHPCMS 9.6.0 is affected. The flaw exists in libs\classes\attachment.class.php and allows remote attackers to upload and execute arbitrary PHP code by sending a crafted .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data directed to index.php?m=member&c=index&...

Unrestricted file upload

OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type...

CVE-2018-13038

OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with the application/pdf Content-Type...