Lucene search
K

24 matches found

Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.17 views

PT-2026-40944

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super admin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

8.6CVSS6.2AI score0.00403EPSS
Exploits0References4
CVE
CVE
added 2026/03/16 12:0 a.m.10 views

CVE-2025-50881

CVE-2025-50881 involves the Use It Flow admin page flow/admin/moniteur.php, vulnerable before version 10.0.0. The GET parameter action is unsafely incorporated into a string and evaluated via PHP eval(), after a flawed method_exists check that only validates the portion before the first parenthes...

8.8CVSS6.2AI score0.0061EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/19 9:9 a.m.18 views

CVE-2025-13088

The Category and Product Woocommerce Tabs plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. This is due to insufficient input validation on the 'template' parameter in the categoryProductTab function. This makes it possible for authenticated...

8.8CVSS6.4AI score0.00293EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/12 2:24 a.m.4 views

CVE-2025-10269 Spirit Framework <= 1.2.13 - Authenticated (Subscriber+) Local File Inclusion

The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the executi...

7.5CVSS6.7AI score0.00519EPSS
Exploits0References2
OSV
OSV
added 2020/10/02 1:15 p.m.4 views

UBUNTU-CVE-2020-18185

class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modify the configuration file in a linux environment...

9.8CVSS6.1AI score0.01771EPSS
Exploits1References3
CNVD
CNVD
added 2020/06/11 12:0 a.m.3 views

Zenphoto Code Injection Vulnerability

Zenphoto is a content management system CMS. The Zenphoto code injection vulnerability can be exploited by an attacker to execute arbitrary PHP code...

8.8CVSS8.1AI score0.01166EPSS
Exploits0References1
CNVD
CNVD
added 2019/05/16 12:0 a.m.3 views

GetSimple CMS Remote Code Execution Vulnerability

GetSimple CMS is a content management system CMS written in PHP. A remote code execution vulnerability exists in GetSimple CMS version 3.3.15 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary PHP code on an affected system...

9.8CVSS8.5AI score0.71598EPSS
Exploits5References1
Packet Storm
Packet Storm
added 2015/03/20 12:0 a.m.41 views

Yoast Google Analytics Stored Cross Site Scripting

OVERVIEW ========== Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it’s one of the most popular WordPress plug-ins. A security vulnerability in the plug-in allows an unauthenticated attacker to store arbitrary HTML,...

Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

PHPAlbum 0.2.3/4.1 - Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15651/info phpAlbum is prone to a local file-include vulnerability. An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserve...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

MySource 2.14 Span.php PEAR_PATH Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.27 views

Grayscale BandSite CMS 1.1 news_content.php the_band Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

PHPMyFAQ 1.5.1 - Local File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14929/info PHPMyFAQ is prone to a local file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

ezUpload 2.2 customize.php path Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/14534/info ezUpload is affected by multiple remote file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

PhotoGal 1.0/1.5 News_File Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14190/info PhotoGal is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of this issue will allow an attacker...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Grayscale BandSite CMS 1.1 help_mp3.php max_file_size_purdy Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2007/02/03 12:0 a.m.14 views

PortailPHP 2 - mod_newsgoodies.php?chemin Traversal Arbitrary File Access

PortailPHP 2 - modnewsgoodies.php?chemin Traversal Arbitrary File Access source: https://www.securityfocus.com/bid/22381/info PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows ...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/21 12:0 a.m.27 views

BandSite CMS 1.1 - &#039;help_merch.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/21 12:0 a.m.21 views

BandSite CMS 1.1 - &#039;header.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/21 12:0 a.m.33 views

BandSite CMS 1.1 - &#039;signgbook_content.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/21 12:0 a.m.25 views

BandSite CMS 1.1 - &#039;merch_content.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...

7AI score
Exploits0
Rows per page
Query Builder