school-management-system 代码问题漏洞

school-management-system is a school management system developed in PHP for schools or small organizations by Shubham kumar individual developer. A code issue vulnerability exists in school-management-system, which stems from the incorrect manipulation of the parameter File in the file...

EUVD-2020-19052

Malware in sbrugna...

Perch v3.2 - Remote Code Execution Exploit

Exploit Title: Perch v3.2 - Remote Code Execution RCE Application: Perch Cms Version: v3.2 Bugs: RCE Technology: PHP Vendor URL: https://grabaperch.com/ Software Link: https://grabaperch.com/download Date of found: 21.07.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technical Details & POC...

CVE-2023-26775

File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint...

PT-2023-20790 · Monitorr · Monitorr

Name of the Vulnerable Software and Affected Versions: Monitorr version 1.7.6 Description: A remote attacker can execute arbitrary code via a crafted file upload to the "assets/php/upload.php" endpoint. This allows for the potential execution of malicious code on the affected system...

PT-2022-24239 · Silverstripe · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/framework versions 4.11 and earlier Description: The issue allows for XSS attacks. A malicious content author could upload a GPX file with a Javascript payload. The payload could then be executed by luring a legitima...

Craft CMS PHP Code Injection Vulnerability

Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets-Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension...

CVE-2020-26505

A Stored Cross-Site Scripting XSS vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker to perform unauthorized...

CVE-2020-26505

A Stored Cross-Site Scripting XSS vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker to perform unauthorized...

Cross site scripting

A Stored Cross-Site Scripting XSS vulnerability in the “Marmind” web application with version 4.1.141.0 allows an attacker to inject code that will later be executed by legitimate users when they open the assets containing the JavaScript code. This would allow an attacker to perform unauthorized...

Code injection

Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets-Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension...