9 matches found
CVE-2021-28998
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
Xingyuantu SparkShop 安全漏洞
Xingyuantu SparkShop is an open source shopping center from Xingyuantu, a Chinese company. A security vulnerability exists in Xingyuantu SparkShop v1.1.7 and earlier versions, which can be exploited for remote code execution via a specially crafted phar file...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
CVE-2024-57685
An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...
CVE-2024-57685
CVE-2024-57685 affects sparkshop v1.1.7 and earlier. The issue allows remote code execution via a crafted phar file. According to the linked data, the flaw has CVSS 3.1 base score 5.3 (NETWORK, LOW attack complexity, NONE privileges, NONE user interaction, I-LA, S-U). No explicit remediation or p...
CVE-2021-28998
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...
Server side request forgery (ssrf)
A Server-Side Request Forgery SSRF in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file...