20 matches found
CVE-2026-37712
An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the htdocs/cron/class/cronjob.class.php, call_user_func_array in function job type...
CVE-2026-29091
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to...
CVE-2026-29091 Locutus: Remote Code Execution (RCE) in locutus call_user_func_array due to Code Injection
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to...
Locutus security vulnerability
Locutus is an open-source JavaScript library developed by Locutus. Versions of Locutus prior to 3.0.0 contained security vulnerabilities, which stemmed from insecure implementations of the call_user_func_array function, potentially allowing remote code execution...
GHSA-FP25-P6MJ-QQG6 locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection
Details: A Remote Code Execution (RCE) flaw was discovered in the locutus project v2.0.39, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an...
locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection
Details: A Remote Code Execution (RCE) flaw was discovered in the locutus project v2.0.39, specifically within the call_user_func_array function implementation. The vulnerability allows an attacker to inject arbitrary JavaScript code into the application's runtime environment. This issue stems from an...
CVE-2026-1929 Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter
The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of call_user_func_array with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...
There is an RCE vulnerability
Description - There is an RCE vulnerability in qmpaas/leadshop https://github.com/qmpaas/leadshop v1.4.15. An attacker can access the file leadshop.php and call any existing function through GET to control the target host. The vulnerability is in the leadshop/web/leadshop.php27-61 file public...
Tuleap PHP Unserialize Code Execution Exploit
This Metasploit module exploits a PHP object injection vulnerability in Tuleap 'Tuleap PHP Unserialize Code Execution', 'Description' = %q This module exploits a PHP object injection vulnerability in Tuleap = 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with...
Tuleap PHP Unserialize Code Execution
This module exploits a PHP object injection vulnerability in Tuleap 'Tuleap PHP Unserialize Code Execution', 'Description' = %q This module exploits a PHP object injection vulnerability in Tuleap = 7.6-4 which could be abused to allow authenticated users to execute arbitrary code with the...
Callback nightmare: analysis of the SQL injection vulnerability in the famous CMS framework Drupal - vulnerability warning - the black bar safety net
Drupal is an open-source content management framework (CMF) written in PHP, made up of a CMS and a PHP development framework. It has won the world's best CMS award in consecutive years and is the most famous web application based on the PHP language. A few days before the explosion...
Hastymail 2.1.1 RC1 Command Injection
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
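PHPList 2.10.9 'Sajax.php' PHP Code Injection Vulnerability
phplist is an open-source newsletter management application written in PHP. PHPList 'Sajax.php' does not correctly handle user-submitted data; a remote attacker can exploit the vulnerability to submit malicious code, which is executed with the privileges of the web server. Affected: PHPList 2.10.9. Vendor solution (phplist): no detailed solution is currently available: http://www.phplist.com/ This PoC was written for educational purpose. Use it at your own risk. Author will b...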
phpList 2.10.9 - 'Sajax.php' PHP Code Injection
source: https://www.securityfocus.com/bid/53693/info PHPList is prone to a remote PHP code-injection vulnerability. An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the...
Wordpress Plugin WP-Syntax <= 0.9.1 Remote Command Execution
No description provided by source. Wordpress plugin WP-Syntax <= 0.9.1 Remote Code Execution. This vulnerability was originally discovered by Raz0r on...
WordPress WP-Syntax 0.9.1 Command Execution
====================================================================== Wordpress plugin WP-Syntax $functions if isnull$functions continue; foreach$functions as $function $string = calluserfuncarray$function, array$string; return $string; ... Global variable testfilter is not defined, so...
Code injection
WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the testfilterwphead array parameter to test/index.php, which is used in a call to the call_user_func_array function...
CVE-2009-2852
WP-Syntax plugin 0.9.1 and earlier for Wordpress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the testfilterwphead array parameter to test/index.php, which is used in a call to the call_user_func_array function...
Wordpress Plugin WP-Syntax <= 0.9.1 Remote Command Execution PoC
No description provided by source. Wordpress Plugin WP-Syntax <= 0.9.1 Remote Command Execution...
Wordpress Plugin WP-Syntax <= 0.9.1 Remote Command Execution PoC
Exploit for unknown platform in category web applications. Wordpress Plugin WP-Syntax...