Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.4 views

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

7.2CVSS7.1AI score0.01294EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/26 12:26 a.m.8 views

CVE-2024-57685

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...

5.3CVSS7.8AI score0.00403EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.6 views

CVE-2024-57685

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...

5.3CVSS6.1AI score0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/24 12:0 a.m.4 views

Xingyuantu SparkShop 安全漏洞

Xingyuantu SparkShop is an open source shopping center from Xingyuantu, a Chinese company. A security vulnerability exists in Xingyuantu SparkShop v1.1.7 and earlier versions, which can be exploited for remote code execution via a specially crafted phar file...

5.3CVSS7.8AI score0.00403EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/02/24 12:0 a.m.11 views

CVE-2024-57685

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...

0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/24 12:0 a.m.5 views

CVE-2024-57685

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...

5.8AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 2025/02/24 12:0 a.m.66 views

CVE-2024-57685

CVE-2024-57685 affects sparkshop v1.1.7 and earlier. The issue allows remote code execution via a crafted phar file. According to the linked data, the flaw has CVSS 3.1 base score 5.3 (NETWORK, LOW attack complexity, NONE privileges, NONE user interaction, I-LA, S-U). No explicit remediation or p...

5.3CVSS8AI score0.00403EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2023/05/08 2:15 p.m.28 views

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

7.2CVSS6.8AI score0.01294EPSS
Exploits1References2
Prion
Prion
added 2022/04/15 8:15 p.m.20 views

Server side request forgery (ssrf)

A Server-Side Request Forgery SSRF in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file...

6.5CVSS8.7AI score0.00801EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder