MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated Date: 2023-01-19 Exploit Author: lUc1f3r11 https://github.com/FDlucifer Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 Version: MyBB 1.8.32 Tested on: Linux CVE :...

CVE-2019-11519

Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations - Languages - Edit Language - Import Resources - Upload XML file" screen...

Subrion CMS Cross-Site Request Forgery Vulnerability (CNVD-2017-04654)

Subrion CMS is a PHP-based content management system CMS developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions plug-ins and more. A cross-site request forgery vulnerability exists in admin/languages/edit/1/URI in Subrion CMS version...

CVE-2006-7218

eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy...