CVE-2025-15394 iCMS POST Parameter ConfigAdmincp.php save code injection

A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...

CVE-2025-15394 iCMS POST Parameter ConfigAdmincp.php save code injection

A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...

CVE-2025-15394

CVE-2025-15394 affects iCMS up to version 8.0.0. The vulnerability resides in the Save function of app/config/ConfigAdmincp.php (POST Parameter Handler). Manipulating the config argument results in code injection. The issue can be exploited remotely, and public exploit code is available. Multiple...

CVE-2025-15393 Kohana KodiCMS Layout API Endpoint file.php save code injection

A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be...

CVE-2025-15393

CVE-2025-15393 affects Kohana KodiCMS up to 13.82.135. The vulnerability resides in the Save function of cms/modules/kodicms/classes/kodicms/model/file.php (Layout API Endpoint), where manipulating the content argument enables code injection. Exploitation is possible remotely and has been publicl...

CVE-2025-15393 Kohana KodiCMS Layout API Endpoint file.php save code injection

A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be...

CVE-2025-15250

A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-14509

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

iiCMS 代码注入漏洞

iCMS is a software application. It is an efficient and simple content management system built with PHP and MySQL. A code injection vulnerability exists in iCMS 8.0.0 and earlier versions, which stems from an incorrect operation of the parameter config by the Save function in the POST Parameter...

PT-2025-54428

A security vulnerability has been detected in Kohana KodiCMS up to 13.82.135. This impacts the function Save of the file cms/modules/kodicms/classes/kodicms/model/file.php of the component Layout API Endpoint. The manipulation of the argument content leads to code injection. The attack can be...

KodiCMS 代码注入漏洞

KodiCMS is a content management system from Kohana KodiCMS open source. A code injection vulnerability exists in KodiCMS 13.82.135 and earlier versions, which originates from the incorrect operation of the Save function on the parameter content in the Layout API Endpoint component file...

Razgover 代码注入漏洞

Razgover is an online messaging application by Eli Nicksic Personal Developer. Razgover suffers from a code injection vulnerability that stems from incorrect manipulation of the parameter msg in the file Chattify/send.php, which could lead to a cross-site scripting attack...

Simple-PHP-Blog 代码注入漏洞

Simple-PHP-Blog is a simple blogging system by the individual developer Philip Okugbe. A code injection vulnerability exists in Simple-PHP-Blog, which stems from an incorrect manipulation of the parameter Username in the file /login.php, which could lead to a cross-site scripting attack...

PT-2025-54436

A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...

CVE-2025-68897

Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through = 1.2...

EUVD-2025-205772

A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-15250

A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-15250 08CMS Novel System Template mtpls.inc.php code injection

A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-15250

The CVE concerns 08CMS Novel System up to version 3.4, specifically a flaw in the Template Handler that manipulates admina/mtpls.inc.php to enable code injection. Evidence from multiple sources confirms remote exploitation with a publicly disclosed exploit; however, the provided documents do not ...

CVE-2025-15250 08CMS Novel System Template mtpls.inc.php code injection

A security vulnerability has been detected in 08CMS Novel System up to 3.4. This issue affects some unknown processing of the file admina/mtpls.inc.php of the component Template Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been...