37 matches found
CVE-2021-43421
Summary: CVE-2021-43421 affects Studio-42 elFinder versions 2.0.4 through 2.1.59, where an unauthenticated file upload via connector.minimal.php enables arbitrary file uploads and PHP code execution on the server. Details from connected docs: multiple sources describe unauthenticated arbitrary fi...
CVE-2012-2950
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability which allows remote attackers to execute local PHP code and obtain sensitive information...
Arbitrary file deletion
POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diy\dayrui\controllers\admin\Syscontroller.php 'add' function because an attacker can control the value of $data['name'] with no restrictions, and this value is written to the FCPATH.$file file...
NetCharts Server Multiple Vulnerabilities
NetCharts Server is prone to multiple vulnerabilities.
CVE-2014-6446
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/codegenerator.php...
Gizzar <= 03162002 (index.php) Remote File Include Vulnerability
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register import re class TestPOCPOCBase: vulID = '64305' ssvid version = '1.0' author = 'kikay' vulDate = '2006-12-13' createDate ...
Empire CMS 7.0 background to get shell - vulnerability warning - the black bar safety net
Empire CMS 7.0 background can upload a PHP file with the mod suffix and execute the PHP code inside it. Enter the background. Method a: system data tables with the system model - management data table, then randomly select one data table and open the corresponding data table's “management system model” as...
PhpGedView module.php pgvaction Parameter Traversal Local File Inclusion
The web server hosts PhpGedView, a web-based real estate listing management application written in PHP. The version of PhpGedView installed on the remote host fails to sanitize user input to the 'pgvaction' parameter of the 'module.php' script before using it to include PHP code. Regardless of...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow (1) remote attackers to write to arbitrary files and execute arbitrary PHP code via vectors related to improper handling of login failures by includes/login.php; and allow remote authenticated users to write to arbitrary files and...
Jinzora name Parameter Local File Inclusion
The remote host is running Jinzora, a web-based media streaming and management system written in PHP. The version of Jinzora installed on the remote host fails to filter user-supplied input to the 'name' variable in the 'index.php' script when 'op' is set before using it to include PHP code...
CVE-2008-0143
CVE-2008-0143 describes a PHP remote file inclusion vulnerability in samPHPweb’s common/db.php (potentially version 4.2.2 and later) as packaged with SAM Broadcaster. An attacker can supply a URL via the commonpath parameter to cause arbitrary PHP code execution. Public CVSS v2 data in the record...
Flatnuke3 Remote Cookie Manipulation / Privilege Escalation
Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...
Directory traversal
Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. (dot dot) sequence and trailing null (%00) byte in the subsite parameter in a showsubsite todo...
CVE-2006-2609
artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletterlog.php. NOTE: the provenance of this information is unknown; the details are obtained sole...
AngelineCMS loadkernel.php installPath Parameter Remote File Inclusion
The remote host is running AngelineCMS, an open source content management system written in PHP. The version of AngelineCMS installed on the remote host fails to sanitize user-supplied input to the 'installPath' parameter of the '/kernel/loadkernel.php' script before using it in a PHP 'includeonc...
Comdev eCommerce 3.0 Multiple Vulnerabilities (RFI, Traversal)
The remote host is running eCommerce, a web-based shopping system from Comdev. The installed version of eCommerce allows remote attackers to control the 'pathdocroot' parameter used when including PHP code in the 'config.php' script. By leveraging this flaw, an attacker may be able to view...
CVE-2002-0206
The CVE-2002-0206 issue affects PHP-Nuke: index.php may include a URL to remote code via the file parameter, enabling remote arbitrary PHP code execution on servers running PHP-Nuke 5.3.1 and earlier (and possibly versions before 5.5). Root cause is PHP’s include() reading a URL without validatin...