CVE-2012-5231

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted 1 pagename or 2 area variable containing an executable extension, which is not properly handled by a update.php when writing files to content/, or b updatenews.php when writing files to content/news/...

Code injection

miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted 1 pagename or 2 area variable containing an executable extension, which is not properly handled by a update.php when writing files to content/, or b updatenews.php when writing files to content/news/...

CVE-2011-5161

Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under...

CVE-2012-1468

Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not ".php", then accessing it via a direct request to the file in...

CVE-2012-4036

Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged b...

PT-2012-5161 · Pbboard · Pbboard

Name of the Vulnerable Software and Affected Versions: PBBoard version 2.1.4 Description: The issue allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension to the addons directory via admin.php, and then accessing it directly. This can be...

CVE-2012-4269

Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message...

Unrestricted file upload

Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with a file with an executable extension followed by a safe extension, then accessing it via a direct...

CVE-2012-3575

Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider...

CVE-2012-3575

Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider...

Code injection

@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/...

CVE-2012-1198

baseagmain.php in Basic Analysis and Security Engine BASE 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create action, then accessing it via a view action...

Unrestricted file upload

Unrestricted file upload vulnerability in incidentattachments.php in Support Incident Tracker aka SiT! 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in unspecified directory, a...

Unrestricted file upload

Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable extension using 1 uploadify/uploadadminavatar.php or 2 uploadify/uploadprofileavatar.php, then accessi...

Unrestricted file upload

Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension using the upload action to index.php, then accessing it via a direct request to the file in an unspecified directory...

Unrestricted file upload

Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file...

CVE-2010-4353

Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file...

CVE-2010-4353

Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file...

CVE-2010-2153

Unrestricted file upload vulnerability in admin/code/tcefunctionstcecodeeditor.php in TCExam 10.1.006 and 10.1.007 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in cache/...

Unrestricted file upload

Unrestricted file upload vulnerability in Element-IT Ultimate Uploader 1.3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/...