11 matches found
CVE-2026-8832
The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due to the 'wpcode' custom post type being registered without a custom capabilitytype or capability...
EUVD-2026-32100
The WPCode - Insert Headers and Footers + Custom Code Snippets - WordPress Code Manager plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.3.5 This is due to the 'wpcode' custom post type being registered without a custom capabilitytype or capability...
CVE-2026-33717
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the original URL's filename and extension including .php. By providing...
WWBN AVideo 代码问题漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained code vulnerabilities. These vulnerabilities stemmed from the downloadVideoFromDownloadURL function using the original file name and extension of the remote...
LabCollector 代码问题漏洞
LabCollector is an all-in-one laboratory management platform from LabCollector, Inc. A security vulnerability exists in LabCollector versions 6.0 through 6.15. An attacker can exploit the vulnerability to upload executable PHP files and execute system commands...
GHSA-364W-9G92-3GRQ Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content.
Withdrawn This advisory has been withdrawn after the maintainers of Laravel noted this issue is not a security vulnerability with Laravel itself, but rather a userland issue. Original CVE based description Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP...
Input validation
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for...
CVE-2021-43617
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for...
CVE-2021-43617
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for...
Western Digital My Cloud Multiple Products 5.0 < 5.06.115 Multiple Vulnerabilities
Multiple Western Digital My Cloud products are prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progr...
[20180502] - Core - Add PHAR files to the upload blacklist
Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...