WWBN AVideo 代码注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained a code injection vulnerability. This vulnerability stemmed from incomplete mitigation measures for the autoEvalCodeOnHTML evaluation function in YPTSocket, allowin...

OWASP BLT 代码注入漏洞

OWASP BLT is an open-source gamified crowdsourcing platform for testing and disclosing vulnerabilities. Versions of OWASP BLT prior to 2.1.2 contained a code injection vulnerability. This vulnerability stemmed from the use of the pullrequesttarget trigger in the pre-commit-fix.yaml workflow, whic...

Grav 代码注入漏洞

Grav is a scalable content management system CMS developed by the Grav open-source community, suitable for use in personal blogs, small content publishing platforms, and single-page product displays. Versions of Grav prior to 2.0.0-beta.2 contained a code injection vulnerability. This vulnerabili...

📄 Fuel CMS 1.4.1 PHP Code Injection

This Metasploit module targets a remote code execution vulnerability in Fuel CMS version 1.4.1. The issue stems from improper input sanitization in the filter parameter, which is passed into a dangerous PHP evaluation eval context, enabling code injection...

EUVD-2022-55969

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

Arbitrary Code Injection

Overview evolutioncms/evolution is an Evolution CMS is a Content Management System, ex MODX Evolution Affected versions of this package are vulnerable to Arbitrary Code Injection via the post parameter in the module creation process. An attacker can execute arbitrary system commands by injecting...

CVE-2022-50944

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

CVE-2021-47939

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

CVE-2021-47939 Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

CVE-2021-47938

ImpressCMS 1.4.2 suffers a remote code execution (RCE) in the autotasks admin interface. An authenticated attacker can send a crafted sat_code payload via POST to /modules/system/admin.php?fct=autotasks&op=mod, resulting in creation of an executable file that accepts arbitrary commands through GE...

CVE-2022-50944

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=addpost parameter, a...

EUVD-2026-28947

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

Aero CMS 代码注入漏洞

Aero CMS is a content management system developed by the American company Aero CMS. Version 0.0.1 of Aero CMS has a code injection vulnerability. This vulnerability stems from PHP code injection in the image parameter, which may allow authenticated attackers to execute arbitrary PHP code by...

Evolution CMS 代码注入漏洞

Evolution CMS is an open-source content management system based on PHP, developed by Evolution CMS. Version 3.1.6 of Evolution CMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated users with module creation permissions to execu...

PT-2026-39514

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

PT-2026-39473

Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can upload PHP files with embedded code to the admin posts.php endpoint with source=add post parameter,...

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

CVE-2026-8211

CVE-2026-8211 affects codelibs Fess up to 15.5.1. The vulnerability lies in the JSP File Handler’s AdminDesignAction.java update function, where manipulation of the content argument enables code injection. Attacks can be performed remotely, and the exploit is public. No remediation details are pr...

CVE-2026-8211 codelibs Fess JSP File AdminDesignAction.java update code injection

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...

CVE-2026-8211

A vulnerability was detected in codelibs Fess up to 15.5.1. Affected by this issue is the function update of the file org/codelibs/fess/app/web/admin/design/AdminDesignAction.java of the component JSP File Handler. The manipulation of the argument content results in code injection. The attack may...