Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2025/07/25 3:51 p.m.3 views

CVE-2014-125116 HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection

A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated...

9.3CVSS7.5AI score0.01601EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/04/25 12:0 a.m.5 views

PT-2022-13251 · WordPress · Flo-Launch

Name of the Vulnerable Software and Affected Versions: flo-launch WordPress plugin versions prior to 2.4.1 Description: The issue allows an attacker to initiate a new site install by setting the flo custom table prefix cookie to an arbitrary value. This is possible because the plugin injects code...

9.8CVSS9.4AI score0.01698EPSS
Exploits2References3
CNNVD
CNNVD
added 2022/04/25 12:0 a.m.6 views

WordPress和WordPress plugin 安全漏洞

WordPress is a blogging platform developed using the PHP language. The WordPress plugin flo-launch version 2.4.1 or earlier is vulnerable to an access control error that originates when the plugin injects code into wp-config.php when creating a clone site. prefix cookie to an arbitrary value to...

9.8CVSS5.8AI score0.01698EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2018/03/24 6:29 p.m.3 views

CVE-2018-8966

An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

7.5CVSS5.7AI score0.01805EPSS
Exploits1References2
Rows per page
Query Builder