15 matches found
CVE-2026-33618
Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...
CVE-2026-33618 Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings
Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...
CVE-2026-33618
Chamilo LMS is affected by CVE-2026-33618. Prior to 2.0.0-RC.3, PlatformConfigurationController::decodeSettingArray() uses PHP eval() to parse settings from the database. An attacker with admin access (obtainable via Advisory 1) can inject arbitrary PHP code into settings, which is executed when ...
EUVD-2026-16134
A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...
CVE-2026-4847
A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...
CVE-2026-4847 dameng100 muucmf list.html cross site scripting
A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...
CVE-2026-4847 dameng100 muucmf list.html cross site scripting
A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...
CVE-2026-4847
A vulnerability was found in dameng100 muucmf 1.9.5.20260309. The impacted element is an unknown function of the file /admin/config/list.html. Performing a manipulation of the argument Name results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and...
CVE-2026-4847
The CVE-2026-4847 entry concerns dameng100 muucmf 1.9.5.20260309. A cross-site scripting flaw exists in an unknown function of /admin/config/list.html caused by manipulating the Name argument. The attack is remote and the exploit has been made public. No remediation details are provided in the do...
MuuCmf 代码注入漏洞
MuuCmf is an open-source application development framework created by Dameng100. Version MuuCmf 1.9.5.20260309 contains a code injection vulnerability. This vulnerability stems from incorrect handling of parameters named “Name” in the file “admin/config/list.html”, which may lead to cross-site...
Rebuild SQL注入漏洞
Rebuild is a highly customizable enterprise management system. An SQL injection vulnerability exists in Rebuild 3.2.3 and earlier versions, which stems from a problem with the function queryListOfConfig in the file /admin/robot/approval/list, where manipulation of the parameter q can lead to sql...
CVE-2022-25568
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...
PYSEC-2022-43141
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured...
MotionEye-Project MotionEye 信息泄露漏洞
MotionEye-Project MotionEye is a web-based motion front-end from the individual developer Calin Crisan. A security vulnerability exists in MotionEye-Project MotionEye v0.42.1 and prior versions, which stems from the application's lack of permissions restriction and filtering for GET requests to...
PT-2022-17371 · Motioneye · Motioneye
Name of the Vulnerable Software and Affected Versions: MotionEye versions 0.42.1 and below Description: The issue allows attackers to access sensitive information via a GET request to "/config/list". To exploit this, a regular user password must be unconfigured. Recommendations: For MotionEye...