
6 matches found

Github Security Blog
added 2022/05/13 1:20 a.m. | 19 views

Craft CMS PHP Code Injection Vulnerability

Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets-Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension...

CVSS 8.8 | AI score 7.9 | EPSS 0.00698
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2022/03/25 10:19 p.m. | 13 views

CVE-2021-40904

The web management console of CheckMK Raw Edition versions 1.5.0 to 1.6.0 allows a misconfiguration of the web-app Dokuwiki installed by default, which allows embedded PHP code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface...

AI score 9.3 | EPSS 0.19129
Exploits: 2 | References: 2

Prion
added 2018/01/01 8:29 p.m. | 11 views

Code injection

Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets-Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension...

CVSS 6.5 | AI score 9 | EPSS 0.00698
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2007/12/31 8:46 p.m. | 17 views

Directory traversal

Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under...

CVSS 5 | AI score 7.8 | EPSS 0.03181
Exploits: 1 | References: 6 | Affected Software: 1

NVD
added 2007/12/31 8:46 p.m. | 7 views

CVE-2007-6604

Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under...

CVSS 5 | AI score 7.3 | EPSS 0.03181
Exploits: 1 | References: 6

Cvelist
added 2007/12/31 8:0 p.m. | 12 views

CVE-2007-6604

Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the s parameter to the admin page or (2) the pg parameter to an arbitrary module, as demonstrated by reading a password hash in a .dtb file under...

AI score 7.3 | EPSS 0.03181
Exploits: 1 | References: 6