28 matches found
CVE-2023-53889
Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary command...
CVE-2023-53889
Perch CMS 3.2 is affected by a remote code execution through an unrestricted file upload in the assets management interface. Authenticated administrators can upload arbitrary PHP files (e.g., a .phar with embedded system command execution) to run commands on the server. Root cause: improper valid...
CVE-2023-53889 Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload
Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary command...
PT-2025-51307
Name of the Vulnerable Software and Affected Versions Perch CMS version 3.2 Description Perch CMS version 3.2 has a remote code execution issue. Authenticated administrators can upload arbitrary PHP files through the assets management interface. An attacker can upload a malicious .phar file...
EUVD-2023-47563
Malicious code in bioql PyPI...
CVE-2023-43144
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php...
Malicious code in seagroup-assets-management-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c44bc2e3fe919ef26fcd2d1f0c35594c222160c51fff19083d9be40017cc2689 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3916 Malicious code in seagroup-assets-management-system (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c44bc2e3fe919ef26fcd2d1f0c35594c222160c51fff19083d9be40017cc2689 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-30215
A flaw was found in NATS-SERVER. In affected versions of NATS-SERVER, the management of JetStream assets happens with messages in the $JS. subject namespace in the system account; this is partially exposed into regular accounts to allow account holders to manage their assets. Some JS API requests...
SQL injection
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php...
CVE-2023-43144
CVE-2023-43144 affects the Projectworldsl Assets-management-system-in-php 1.0. The issue is a SQL Injection in delete.php via the id parameter, where the value is directly interpolated into a query without validation or sanitization, enabling arbitrary SQL execution. Connected sources (Red Hat, N...
Projectworldsl Assets-management-system-in-php SQL Injection Vulnerability
Assets-management-system-in-php is a PHP asset management system for projectworlds individual developers. A security vulnerability exists in Projectworldsl Assets-management-system-in-php version 1.0, which stems from a SQL injection vulnerability in the parameter id of the file delete.php...
Perch v3.2 - Persistent Cross Site Scripting (XSS)
Exploit Title: Perch v3.2 - Persistent Cross Site Scripting XSS Google Dork: N/A Date: 23-July-2023 Exploit Author: Dinesh Mohanty Vendor Homepage: https://grabaperch.com/ Software Link: https://grabaperch.com/download Version: v3.2 Tested on: Windows CVE : Requested Description: Stored Cross Sit...
SAP 3D Visual Enterprise Author Buffer Error Vulnerability
SAP 3D Visual Enterprise Author is a desktop application from SAP Germany for managing 2D, 3D, animation, video and audio assets. SAP 3D Visual Enterprise Author suffers from a buffer overflow vulnerability, which stems from a lack of proper memory management and can be exploited by an attacker t...
Top 3 APIs Vulnerabilities: Why Apps are Pwned by Cyberattackers
Application programming interfaces (APIs) have become the glue that holds today’s apps together. There’s an API to turn on the kitchen lights while still in bed. There’s an API to change the song playing on your house speakers. Whether the app is on your mobile device, entertainment system or garag...
NeDi Consulting NeDi Cross-Site Scripting Vulnerability (CNVD-2020-44578)
NeDi Consulting NeDi is a suite of open source software that supports discovery and mapping of network devices from the Swiss company NeDi Consulting. A cross-site scripting vulnerability exists in NeDi Consulting NeDi version 1.9C. The vulnerability can be exploited to execute arbitrary JavaScri...