24 matches found
PT-2026-40944
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...
CVE-2025-50881
CVE-2025-50881 involves the Use It Flow admin page flow/admin/moniteur.php, vulnerable before version 10.0.0. The GET parameter action is unsafely incorporated into a string and evaluated via PHP eval(), after a flawed method_exists check that only validates the portion before the first parenthes...
CVE-2025-13088
The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is due to insufficient input validation on the 'template' parameter in the categoryProductTab function. This makes it possible for authenticated...
CVE-2025-10269 Spirit Framework <= 1.2.13 - Authenticated (Subscriber+) Local File Inclusion
The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the executi...
UBUNTU-CVE-2020-18185
class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment...
Zenphoto Code Injection Vulnerability
Zenphoto is a content management system CMS. The Zenphoto code injection vulnerability can be exploited by an attacker to execute arbitrary PHP code...
GetSimple CMS Remote Code Execution Vulnerability
GetSimple CMS is a content management system CMS written in PHP. A remote code execution vulnerability exists in GetSimple CMS version 3.3.15 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary PHP code on an affected system...
Yoast Google Analytics Stored Cross Site Scripting
OVERVIEW ========== Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress plug-ins. A security vulnerability in the plug-in allows an unauthenticated attacker to store arbitrary HTML,...
PHPAlbum 0.2.3/4.1 - Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15651/info phpAlbum is prone to a local file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserve...
MySource 2.14 Span.php PEAR_PATH Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these...
Grayscale BandSite CMS 1.1 news_content.php the_band Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...
PHPMyFAQ 1.5.1 - Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14929/info PHPMyFAQ is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
ezUpload 2.2 customize.php path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/14534/info ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues ...
PhotoGal 1.0/1.5 News_File Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14190/info PhotoGal is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of this issue will allow an attacker...
Grayscale BandSite CMS 1.1 help_mp3.php max_file_size_purdy Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...
PortailPHP 2 - mod_newsgoodies.php?chemin Traversal Arbitrary File Access
PortailPHP 2 - modnewsgoodies.php?chemin Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/22381/info PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows ...
BandSite CMS 1.1 - 'help_merch.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...
BandSite CMS 1.1 - 'header.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...
BandSite CMS 1.1 - 'signgbook_content.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...
BandSite CMS 1.1 - 'merch_content.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...