Lucene search
K

15 matches found

NVD
NVD
added 2026/04/10 7:16 p.m.5 views

CVE-2026-33618

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

8.8CVSS0.00319EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/10 6:10 p.m.3 views

CVE-2026-33618 Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

8.8CVSS6AI score0.00319EPSS
Exploits0References2
CVE
CVE
added 2026/04/10 6:10 p.m.8 views

CVE-2026-33618

Chamilo LMS is affected by CVE-2026-33618. Prior to 2.0.0-RC.3, PlatformConfigurationController::decodeSettingArray() uses PHP eval() to parse settings from the database. An attacker with admin access (obtainable via Advisory 1) can inject arbitrary PHP code into settings, which is executed when ...

8.8CVSS6AI score0.00319EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/26 9:30 a.m.4 views

EUVD-2026-16134

A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...

5.3CVSS4.1AI score0.00337EPSS
Exploits0References5
NVD
NVD
added 2026/03/26 7:16 a.m.6 views

CVE-2026-4847

A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...

5.3CVSS0.00337EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/26 6:23 a.m.1 views

CVE-2026-4847 dameng100 muucmf list.html cross site scripting

A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...

5.3CVSS4.1AI score0.00337EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/26 6:23 a.m.32 views

CVE-2026-4847 dameng100 muucmf list.html cross site scripting

A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...

5.3CVSS0.00337EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 6:23 a.m.1 views

CVE-2026-4847

A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...

5.3CVSS4.1AI score0.00337EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/03/26 6:23 a.m.9 views

CVE-2026-4847

The CVE-2026-4847 entry concerns dameng100 muucmf 1.9.5.20260309. A cross-site scripting flaw exists in an unknown function of /admin/config/list.html caused by manipulating the Name argument. The attack is remote and the exploit has been made public. No remediation details are provided in the do...

5.3CVSS4.1AI score0.00337EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.10 views

MuuCmf 代码注入漏洞

MuuCmf is an open-source application development framework created by Dameng100. Version MuuCmf 1.9.5.20260309 contains a code injection vulnerability. This vulnerability stems from incorrect handling of parameters named “Name” in the file “admin/config/list.html”, which may lead to cross-site...

5.3CVSS5.7AI score0.00337EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/03/19 12:0 a.m.11 views

Rebuild SQL注入漏洞

Rebuild is a highly customizable enterprise management system. An SQL injection vulnerability exists in Rebuild 3.2.3 and earlier versions, which stems from a problem with the function queryListOfConfig in the file /admin/robot/approval/list, where manipulation of the parameter q can lead to sql...

8.8CVSS7AI score0.00715EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/03/24 5:15 p.m.4 views

CVE-2022-25568

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...

7.5CVSS5.3AI score0.06829EPSS
Exploits1References4
PyPA
PyPA
added 2022/03/24 5:15 p.m.6 views

PYSEC-2022-43141

MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...

7.5CVSS6.7AI score0.06829EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2022/03/24 12:0 a.m.4 views

MotionEye-Project MotionEye 信息泄露漏洞

MotionEye-Project MotionEye is a web-based motion front-end from the individual developer Calin Crisan. A security vulnerability exists in MotionEye-Project MotionEye v0.42.1 and prior versions, which stems from the application's lack of permissions restriction and filtering for GET requests to...

7.5CVSS7.2AI score0.06829EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/03/24 12:0 a.m.1 views

PT-2022-17371 · Motioneye · Motioneye

Name of the Vulnerable Software and Affected Versions: MotionEye versions 0.42.1 and below Description: The issue allows attackers to access sensitive information via a GET request to "/config/list". To exploit this, a regular user password must be unconfigured. Recommendations: For MotionEye...

7.5CVSS7.3AI score0.06829EPSS
Exploits1References10
Rows per page
Query Builder