84 matches found
MeshCMS Command Injection Vulnerability
MeshCMS is an online editing system developed by JAVA. The parameter "exportCommand" in the MeshCMS staticexport2.jsp file has command injection. The attacker is able to execute malicious commands...
Design/Logic Flaw
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTT...
PT-2012-1866 · WordPress · Backwpup
Name of the Vulnerable Software and Affected Versions: BackWPup plugin versions prior to 1.7.2 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter in the wp xml export.php file. Recommendations: For versions prior to 1.7.2, update to versi...
WordPress GD Star Rating plugin <= 1.9.10 SQL Injection
Exploit for php platform in category web applications Exploit Title: WordPress GD Star Rating plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- ./export.php requireonce"./code/cls/export.php"; ... if isset$GET"ex" $exporttype = $GET"ex"...