4 matches found
CVE-2014-125116 HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated...
PT-2022-13251 · WordPress · Flo-Launch
Name of the Vulnerable Software and Affected Versions: flo-launch WordPress plugin versions prior to 2.4.1 Description: The issue allows an attacker to initiate a new site install by setting the flo custom table prefix cookie to an arbitrary value. This is possible because the plugin injects code...
WordPress和WordPress plugin 安全漏洞
WordPress is a blogging platform developed using the PHP language. The WordPress plugin flo-launch version 2.4.1 or earlier is vulnerable to an access control error that originates when the plugin injects code into wp-config.php when creating a clone site. prefix cookie to an arbitrary value to...
CVE-2018-8966
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...