CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2023/08/24 6:15 p.m.•12 views

CVE-2023-39834

PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via createfunction...

9.8CVSS9.8AI score0.00943EPSS

OSV•added 2023/08/24 6:15 p.m.•0 views

CVE-2023-39834

PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via createfunction...

9.8CVSS5.8AI score

Exploits0References1

Prion•added 2023/08/24 6:15 p.m.•35 views

Command injection

PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via createfunction...

7.5CVSS9.8AI score0.00943EPSS

Exploits1References1Affected Software1

Cvelist•added 2023/08/24 12:0 a.m.•14 views

CVE-2023-39834

PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via createfunction...

10AI score0.00943EPSS

CNNVD•added 2023/08/24 12:0 a.m.•1 views

PbootCMS 命令注入漏洞

PbootCMS is PbootCMS individual developers of an open source enterprise website content management system CMS using PHP language development. PbootCMS v3.2.0 version has a security vulnerability, the vulnerability stems from createfunction has a command injection vulnerability...

9.8CVSS8.4AI score0.00943EPSS

Exploits1References2

Vulnrichment•added 2023/08/24 12:0 a.m.•6 views

CVE-2023-39834

PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via createfunction...

8AI score0.00943EPSS

ATTACKERKB•added 2021/12/08 12:0 a.m.•50 views

CVE-2021-44529

A code injection vulnerability in the Ivanti EPM Cloud Services Appliance CSA allows an unauthenticated user to execute arbitrary code with limited permissions nobody. Recent assessments: h00die-gr3y at January 08, 2023 9:32am UTC reported: During the boring Christmas Days, — those days where you...

9.8CVSS8.3AI score0.94461EPSS

In wildExploits158References4

RedhatCVE•added 2019/10/04 8:36 p.m.•20 views

CVE-2008-4687

manageprojpage.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by createfunction within the multisort function in core/utilityapi.php...

9CVSS7.5AI score0.79225EPSS

Exploits4References3

seebug.org•added 2016/10/09 12:0 a.m.•28 views

Wordpress <= 4.6.1 using the language file arbitrary code execution vulnerability

Author: p0wd3r know Chong Yu 404 security lab 0x00 vulnerability overview 1. Vulnerability description WordPress is a PHP and MySQL as a platform free and open source blogging software and content management system, recently in github...

8AI score

Prion•added 2014/12/05 6:59 p.m.•11 views

Code injection

The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP createfunction...

10CVSS8.1AI score0.28914EPSS

Exploits6References5Affected Software1

seebug.org•added 2014/07/01 12:0 a.m.•19 views

Mantis Bug Tracker <= 1.1.3 - Remote Code Execution Exploit

No description provided by source. ?php / -------------------------------------------------------------------------------- Mantis Bug Tracker = 1.1.3 manageprojpage.php Remote Code Execution Exploit -------------------------------------------------------------------------------- author...: EgiX...

seebug.org•added 2014/07/01 12:0 a.m.•20 views

PHP 5.2.6 'create_function()' Code Injection Weakness (2)

No description provided by source. source: http://www.securityfocus.com/bid/31398/info PHP is prone to a code-injection weakness because it fails to sufficiently sanitize input to 'createfunction'. Note that the anonymous function returned need not be called for the supplied code to be executed. ...

seebug.org•added 2014/07/01 12:0 a.m.•14 views

PHP 5.2.6 'create_function()' Code Injection Weakness (1)

seebug.org•added 2014/07/01 12:0 a.m.•14 views

phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection

No description provided by source. $Id: phpldapadminqueryengine.rb 14060 2011-10-25 05:25:39Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...