OpenText Carbonite Safe Server Backup 代码注入漏洞

OpenText Carbonite Safe Server Backup is a hybrid cloud backup software developed by OpenText Corporation in Canada. Versions of OpenText Carbonite Safe Server Backup 6.8.3 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper code generation controls, whi...

📄 SPIP Saisies 5.11.0 Remote Code Execution

Proof of concept exploit for a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennesvaleurs. Versions 5.4.0 through 5.11.0 are affected. Written in PHP...

JeeWMS 代码注入漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. JeeWMS versions 3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of parameters in the file...

Smart-SSO 代码注入漏洞

Smart-SSO is an authorization and authentication tool developed by Joe as a personal project. Versions of Smart-SSO 2.1.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect operations on the function “Save” in the file...

JeeWMS 代码注入漏洞

JeeWMS is a JAVA-based warehouse management system developed by JeeWMS Corporation in China. Versions of JeeWMS 3.7 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the parameter ‘myEditor’ in the file...

07FLYCMS和07FlyCRM 代码注入漏洞

07FLYCMS is a free and open-source content management system developed by 07FLY Company in China. 07Fly and 07FLYCRM are customer relationship management systems created by 07FLY Company. 07FLYCMS and 07FlyCRM versions 1.2.9 and earlier have a code injection vulnerability. This vulnerability stem...

BaykeShop 代码注入漏洞

BaykeShop is an e-commerce system developed by xingfuggz’s individual developers. Versions of BaykeShop prior to 1.3.20 have a code injection vulnerability. This vulnerability stems from improper handling of the parameter sidebar.content in the file...

Smart-SSO 代码注入漏洞

Smart-SSO is an authorization and authentication tool developed by Joe as a personal project. Versions of Smart-SSO 2.1.1 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the redirectUri parameter in the...

forest 代码注入漏洞

Forest is a modern knowledge community backend project developed by RYMCU. It is implemented using SpringBoot, Shiro, MyBatis, JWT, and Redis. Versions of Forest 0.0.5 and earlier have a code injection vulnerability. This vulnerability stems from incorrect operations on the XssUtils.replaceHtmlCo...

Yifang CMS 代码注入漏洞

Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Versions of Yifang CMS 2.0.5 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Name” in the file...

Yifang CMS 代码注入漏洞

Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Versions of Yifang CMS 2.0.5 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter ‘name/index’ in the file...

Student Management System 代码注入漏洞

Student Management System is a simple web-based student management software developed by Sk.Amir Hamza in Bangladesh. The Student Management System has a code injection vulnerability, which stems from incorrect handling of the parameter “Error” in the file index.php, potentially leading to...

itsourcecode Student Management System 代码注入漏洞

itsourcecode Student Management System is an open-source student management system developed by itsourcecode. Version 1.0 of itsourcecode Student Management System has a code injection vulnerability, which may lead to cross-site scripting attacks...

FunAdmin 代码注入漏洞

FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc4 and earlier have a code injection vulnerability. This vulnerability stems from incorrect handling of parameters in the app/backend/view/index/index.html file of the component'...

forest 代码注入漏洞

Forest is a modern knowledge community backend project developed by RYMCU. It is implemented using SpringBoot, Shiro, MyBatis, JWT, and Redis. Versions of Forest 0.0.5 and earlier have a code injection vulnerability. This vulnerability stems from incorrect operations in the updateUserInfo functio...

Yifang CMS 代码注入漏洞

Yifang CMS is a PHP enterprise website development and management system provided by Yifang Corporation. Versions of Yifang CMS 2.0.5 and earlier contained a code injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “Name” in the file...

CVE-2025-52744

Improper Control of Generation of Code 'Code Injection' vulnerability in inpersttion Inpersttion For Theme err-our-team allows Code Injection.This issue affects Inpersttion For Theme: from n/a through = 1.0...

CVE-2025-67979

Improper Control of Generation of Code 'Code Injection' vulnerability in WesternDeal WPForms Google Sheet Connector gsheetconnector-wpforms allows Code Injection.This issue affects WPForms Google Sheet Connector: from n/a through = 4.0.1...

Exploit for CVE-2026-27574

CVE-2026-27574-OneUptime-RCE !Authorhttps://img.shields.io/...

Arbitrary Code Injection

Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Arbitrary Code Injection via the backup restore process. An attacker can execute arbitrary server-side code by uploading and restoring a specially crafted backup file. This is only exploitable if th...