CVE-2025-68897

The connected Wordfence report documents CVE-2025-68897 as affecting IF AS Shortcode. It is described as an Unauthenticated? No, the entry shows “Authenticated (Contributor+) Remote Code Execution” via the IF AS Shortcode before 1.2, implying code execution when an attacker with Contributor+ righ...

CVE-2025-68897 WordPress IF AS Shortcode plugin <= 1.2 - Remote Code Execution (RCE) vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in Mohammad I. Okfie IF AS Shortcode if-as-shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through = 1.2...

CVE-2025-15130

A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attac...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the function doAppAuditList in the file...

WordPress plugin IF AS Shortcode 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code injectio...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect manipulation of the function index in the file src/main/java/com/sohu/cache/web/controller/ServerController.java,...

PT-2025-53752

Name of the Vulnerable Software and Affected Versions Mohammad I. Okfie IF AS Shortcode versions through 1.2 Description A code injection issue exists in Mohammad I. Okfie IF AS Shortcode. The flaw allows for code injection, potentially enabling attackers to execute malicious code. The affected...

CampCodes Complete Online Beauty Parlor Management System 跨站脚本漏洞

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a cross-site scripting vulnerability that stems from an incorrect manipulation of the parameter searchdata in the file...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the function index in the file src/main/java/com/sohu/cache/web/controller/ResourceController.java,...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. CacheCloud 3.2.0 and earlier versions of the code injection vulnerability, the vulnerability stems from the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java in the function...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from a misuse of the function advancedAnalysis in the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the function preview in file...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which originates from an incorrect operation of the function doQuartzList in the file...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from an incorrect operation of the function taskQueueList in the file src/main/java/com/sohu/cache/web/controller/TaskController.java...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which originates from a misuse of the function redirectNoPower in the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java...

CacheCloud 代码注入漏洞

CacheCloud is a Redis cloud management platform open-sourced by SohuTV. A code injection vulnerability exists in CacheCloud 3.2.0 and earlier versions, which stems from the incorrect operation of function doAppList/appCommandAnalysis in file...

Advaya Softech GEMS ERP Portal 代码注入漏洞

Advaya Softech GEMS ERP Portal is an enterprise resource planning ERP portal system from Advaya Softech India that provides enterprise-level business process management, financial management, and supply chain integration capabilities. A code injection vulnerability exists in Advaya Softech GEMS E...

CVE-2025-15148

A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetempaction in the library /lib/admin/templateadmin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack may be launched...

CVE-2025-15148 CmsEasy Backend Template Management template_admin.php savetemp_action code injection

A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetempaction in the library /lib/admin/templateadmin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack may be launched...

EUVD-2025-205522

A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetempaction in the library /lib/admin/templateadmin.php of the component Backend Template Management Page. Executing manipulation of the argument content/tempdata can lead to code injection. The attack may be launched...