Lucene search

12 matches found

Vulnrichment
added 2026/05/08 12:0 a.m. · 4 views

CVE-2024-51092

LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index, SettingsController.php's update, and PollDevice.php's initRrdDirectory...

7.8 AI score · 0.44112 EPSS
Exploits 4 · References 2

AstraLinux
added 2026/05/03 11:59 p.m. · 1 views

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fixed potential integer overflows. The 64-bit argument for the “get DIMM info” SMC call consists of memctrlidx, which is left-shifted by 16 bits and OR-ed with the DIMM index. Since memctrlidx is defined as a 32-b...

5.5 CVSS · 6.3 AI score · 0.00014 EPSS
Exploits 0 · References 2

SUSE CVE
added 2024/12/28 3:51 a.m. · 1 views

SUSE CVE-2024-53161

In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow. The 64-bit argument for the "get DIMM info" SMC call consists of memctrlidx left-shifted 16 bits and OR-ed with DIMM index. With memctrlidx defined as 32-bits wide the left-shift...

6.1 CVSS · 7.7 AI score · 0.00014 EPSS
Exploits 0 · References 17

Positive Technologies
added 2024/10/30 12:0 a.m. · 1 views

PT-2024-32992 · Thinkphp · Thinkphp

Name of the Vulnerable Software and Affected Versions: Thinkphp versions 6.1.3 through 8.0.4

Description: A deserialization issue in the controllerIndex.php component allows attackers to execute arbitrary code.

Recommendations: For versions 6.1.3 through 8.0.4, update to a version that contains a...

9.8 CVSS · 8 AI score · 0.02393 EPSS
Exploits 1 · References 7

Snyk
added 2024/10/25 9:31 p.m. · 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection due to improper authorization via the add method in the controller\Index.php file. An attacker can manipulate SQL queries and access or modify data in the database.

Remediation: There is no fixed version for funadmin/funadmin...

9.8 CVSS · 7.9 AI score · 0.00133 EPSS
Exploits 0 · References 2

Snyk
added 2024/10/25 9:31 p.m. · 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the delfile method in controller\Index.php. An attacker can execute arbitrary SQL commands and delete files without proper authorization.

Remediation: There is no fixed version for funadmin/funadmin.

References - GitHub...

9.1 CVSS · 8.5 AI score · 0.00132 EPSS
Exploits 1 · References 2

Snyk
added 2024/10/25 9:31 p.m. · 1 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection due to improper input sanitization via the editfile method in the \controller\Index.php file. An attacker can execute arbitrary SQL commands by injecting malicious SQL code into the input parameters.

Remediation: There is no...

8.3 CVSS · 8.7 AI score · 0.00184 EPSS
Exploits 1 · References 2

CNNVD
added 2024/03/17 12:0 a.m. · 2 views

74CMS security vulnerability

74CMS is an online recruitment system based on PHP and MySQL. A file upload vulnerability exists in version 3.28.0 of 74CMS, which stems from the lack of proper validation of the uploaded file by imgBase64, a parameter of the function sendCompanyLogo in the file /controller/company/Index.php. The...

8.8 CVSS · 7.8 AI score · 0.19529 EPSS
Exploits 1 · References 4

ATTACKERKB
added 2022/06/09 2:15 p.m. · 2 views

CVE-2022-31393

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php...

9.1 CVSS · 7.3 AI score · 0.00292 EPSS
Exploits 1 · References 2

OSV
added 2021/10/06 10:15 p.m. · 1 views

CVE-2020-21649

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql method...

8.1 CVSS · 5.7 AI score · 0.00219 EPSS
Exploits 1 · References 1

OSV
added 2021/10/06 10:15 p.m. · 0 views

CVE-2020-21653

Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj method...

9.1 CVSS · 5.7 AI score
Exploits 0 · References 1

CNVD
added 2017/12/08 12:0 a.m. · 1 views

WSTSHOP open source version controller\Index.php file reload vulnerability

WSTSHOP open source version is a B2C open source online store system developed in PHP. The controller\Index.php file of WSTSHOP open source version has a reload vulnerability. It allows attackers to exploit the vulnerability to reload a connection to a malicious external database, etc...

6.9 AI score
Exploits 0