PT-2017-18617 · Cms Made Simple · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.1.6 Description: The issue allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to "admin/editusertag.php", related to the CreateTagFunction and CallUserTag functions. The...

Code injection

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension such as .jpg and then invoking the duplicate function to change to the .php extension...

CVE-2017-7447

HelpDEZk 1.1.1 has CSRF in admin/home/logos/ with an impact of remote execution of arbitrary PHP code...

CVE-2017-7402

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg...

Design/Logic Flaw

Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg...

Code injection

setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the configkey parameter to the setup/index.php?action=welcome URI...

CVE-2017-7324

MODX Revolution 2.5.4-pl and earlier are affected by a remote code execution vulnerability in setup/templates/findcore.php, exploitable via the core_path parameter to run arbitrary PHP code. The issue is documented across multiple sources (NVD/CVE-2017-7324, CNVD, osv), indicating the vulnerable ...

Code injection

PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot...

MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection Exploit

Exploit for multiple platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability',...

WordPress File Manager 3.0.1 Cross Site Request Forgery

------------------------------------------------------------------------ Cross-Site Request Forgery in File Manager WordPress plugin ------------------------------------------------------------------------ David Vaartjes, July 2016...

WordPress Plugin Global Content Blocks 2.1.5 - Cross-Site Request Forgery

!-- Source: https://sumofpwn.nl/advisory/2016/crosssiterequestforgeryinglobalcontentblockswordpressplugin.html Abstract It was discovered that the Global Content Blocks WordPress Plugin is vulnerable to Cross-Site Request Forgery. Amongst others, this issue can be used to update a content block t...

CVE-2015-8832

Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a 1 .pht, 2 .php...

CVE-2015-8832

Dotclear before 2.8.2 has multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php that allow remote authenticated users with the permissions to “manage their own media items” and “manage their own entries and comments” to upload a file with a (1) .pht, (2) .phps, or (3) .phtml...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in installmodules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file...

CVE-2016-6175

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header...

CVE-2016-6175

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header...

CVE-2016-6175

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header...

CVE-2016-2539

Cross-site request forgery CSRF vulnerability in installmodules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files and execute arbitrary PHP code via vectors involving a crafted zip file...

CVE-2016-6175

Eval injection vulnerability in php-gettext 1.0.12 and earlier allows remote attackers to execute arbitrary PHP code via a crafted plural forms header...

WordPress InfiniteWP Client 1.5.1.3 / 1.6.0 PHP Object Injection Vulnerability

Exploit for php platform in category web applications ------------------------------------------------------------------------ InfiniteWP Client WordPress Plugin unauthenticated PHP Object injection vulnerability ------------------------------------------------------------------------ Yorick...