124 matches found
BookStack code issue vulnerability
BookStack is an open-source platform for building wiki documents using PHP and Laravel, from the BookStackApp team. BookStack is vulnerable to a code issue that stems from a lack of file type restrictions in the software's controller.php, which could be exploited by an attacker to...
CVE-2021-41675
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei...
Cross site scripting
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML...
OpenEMR Remote Code Execution Vulnerability (CNVD-2021-05463)
OpenEMR is a medical practice management software that also supports electronic medical records (EMR). A remote code execution vulnerability exists in OpenEMR 5.0.1. An attacker can exploit this vulnerability to upload and execute malicious PHP scripts via /controller.php...
CVE-2020-19364
OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php...
Design/Logic Flaw
OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php...
CVE-2020-19364
OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php...
OpenEMR code issue vulnerability
OpenEMR is a medical practice management software that also supports electronic medical records (EMR). A remote code execution vulnerability exists in OpenEMR 5.0.1. An attacker can exploit this vulnerability to upload and execute malicious PHP scripts via /controller.php...
Voyager 1.3.0 - Directory Traversal Vulnerability
Exploit for php platform in category web applications. Exploit Title: Voyager 1.3.0 - Directory Traversal. Exploit Author: NgoAnhDuc. Vendor Homepage: https://voyager.devdojo.com/ Software...
Default credentials
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file...
CVE-2019-16720
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file...
CVE-2019-3963
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patientid parameter. This could allow an attacker to execute arbitrary code in the context of a user's session...
CVE-2019-3966
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreignid parameter. This could allow an attacker to execute arbitrary code in the context of a user's session...
CVE-2019-3964
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the docid parameter. This could allow an attacker to execute arbitrary code in the context of a user's session...
CVE-2019-3965
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the documentid parameter. This could allow an attacker to execute arbitrary code in the context of a user's session...
CVE-2019-3966
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreignid parameter. This could allow an attacker to execute arbitrary code in the context of a user's session...
Cross site scripting
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreignid parameter. This could allow an attacker to execute arbitrary code in the context of a user's session...
Cross site scripting
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the documentid parameter. This could allow an attacker to execute arbitrary code in the context of a user's session...
CVE-2019-3966
OpenEMR 5.0.1 and earlier is affected by a reflected XSS vulnerability in controller.php (parameter: foreign_id). The issue could allow an attacker to execute arbitrary code in the context of a user’s session. The provided documents do not include patch versions, fixes, or mitigations. No exploit...
CVE-2019-3965
OpenEMR