CVE-2026-33293 AVideo Affected by Arbitrary File Deletion via Path Traversal in CloneSite deleteDump Parameter

WWBN AVideo is an open source video platform. Prior to version 26.0, the deleteDump parameter in plugin/CloneSite/cloneServer.json.php is passed directly to unlink without any path sanitization. An attacker with valid clone credentials can use path traversal sequences e.g., ../../ to delete...

EUVD-2023-43382

Malicious code in bioql PyPI...

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...

CuppaCMS Code Execution Vulnerability

CuppaCMS is a content management system CMS. A code execution vulnerability exists in CuppaCMS v1.0, which stems from the emailoutgoing parameter of the /Configuration.php file failing to properly filter the special elements of a constructed snippet. An attacker can exploit this vulnerability to...

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...

Remote code execution

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...

CVE-2023-39681

CVE-2023-39681 affects Cuppa CMS v1.0, with a remote code execution (RCE) vulnerability exposed via the email_outgoing parameter in /Configuration.php. The issue is triggered by a crafted payload, enabling an attacker with network access and no privileges to execute code, with high impact to conf...

CVE-2023-37786

Multiple cross-site scripting XSS vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settingsbackend, Mail Settingshost, Mail Settingsport and Mail Settingsauth parameters of the /admin/configuration.php...

Cross-Site Scripting (XSS)

phpmyfaq is vulnerable to Cross-Site Scripting XSS. The library does not properly escape the user inputs through $editData parameter in configuration.php, before it output to the front end, allowing an attacker to inject and execute malicious javascript on victim's browser...

CVE-2021-30461

A remote code execution issue was discovered in the web UI of VoIPmonitor before 24.61. When the recheck option is used, the user-supplied SPOOLDIR value which might contain PHP code is injected into config/configuration.php...

VulnCheck KEV: CVE-2018-7482

The K2 component 2.8.0 for Joomla! has Incorrect Access Control with directory traversal, allowing an attacker to download arbitrary files, as demonstrated by a view=media&task=connector&cmd=file&target=l1../configuration.php&download=1 request. The specific pathname ../configuration.php...

CVE-2020-23489

The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin...

Joomla Object Injection

Added: 10/24/2019 Background Joomla is a content management system written in PHP. Problem An object injection vulnerability in Joomla could allow a remote, unauthenticated attacker to execute arbitrary commands on the server. This vulnerability has been nicknamed "Rusty Joomla". Resolution Upgra...

Joomla! 3.4.6 - Remote Code Execution (Metasploit)

Exploit Title: Joomla! 3.4.6 - Remote Code Execution Metasploit Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on: Linux CVE : N/A This modul...

Joomla! 3.4.6 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Joomla! 3.4.6 - Remote Code Execution Metasploit Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on: Linux CVE : N/A This module requires...

Joomla! 3.4.6 - Remote Code Execution

Exploit Title: Joomla! 3.4.6 - Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on: Linux CVE : N/A Technical details:...