155 matches found
CVE-2023-22953
CVE-2023-22953 affects ExpressionEngine versions prior to 7.2.6. The vulnerability enables remote code execution by an authenticated Control Panel user. CVSS v3.1 base score 8.8 (HIGH) with network attack vector, low attack complexity, and privileges required: low. Impact includes confidentiality...
CVE-2023-22953
In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user...
Packet Tide ExpressionEngine Security Vulnerability
Packet Tide ExpressionEngine is an open source content management system (CMS) from Packet Tide, Inc. in the United States. A security vulnerability exists in Packet Tide ExpressionEngine versions prior to 7.2.6 that stems from the presence of remote code execution...
ExpressionEngine: PHP Object injection -> Building Custom Gadget chain -> RCE
Vulnerability description not provided...
CVE-2020-8242
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack...
CVE-2020-8242
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack...
SQL injection
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack...
CVE-2020-8242
Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL injection. The user needs member creation/admin control panel access to execute the attack...
CVE-2020-8242
CVE-2020-8242 refers to an SQL injection in ExpressionEngine (open-source CMS) caused by unsanitized user input during control panel member creation. The vulnerability affects ExpressionEngine versions up to and including 5.4.0 and requires the attacker to have access to the control panel’s membe...
Packet Tide ExpressionEngine Security Vulnerability
Packet Tide ExpressionEngine is an open source content management system (CMS) from Packet Tide USA. Packet Tide ExpressionEngine suffers from a SQL injection vulnerability that originates from unsanitized user input in ExpressionEngine <= 5.4.0 Control Panel Member Creation, which can lead to SQL...
PACKET TIDE ExpressionEngine Input Validation Error Vulnerability
Packet Tide ExpressionEngine is an open source content management system (CMS) from Packet Tide. An input validation error vulnerability exists in PACKET TIDE Expression Engine versions prior to 6.0.3, which stems from a lack of validation of the input value of input-getfile in the...
ExpressionEngine 6.0.2 PHP Code Injection Vulnerability
---------------------------------------------------------------------------- ExpressionEngine security-sanitizefilename$file; 366. 367. $destdir = $this-languagesdir . $language . '/'; 368. $filename = $file . 'lang.php'; 369. $destloc = $destdir . $filename; 370. 371. $str = 'lang-loadfile$file;...
CVE-2021-27230
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an _lang.php file under the system/user/language directory...
CVE-2021-27230
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an _lang.php file under the system/user/language directory...
Code injection
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an _lang.php file under the system/user/language directory...
CVE-2021-27230
ExpressionEngine prior to 5.4.2 and 6.x prior to 6.0.3 is affected by a PHP code injection vulnerability. Authenticated users able to invoke Translate::save() can write to an _lang.php file under system/user/language, enabling arbitrary PHP execution. Root cause: Translate::save() path handling a...
CVE-2021-27230
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an _lang.php file under the system/user/language directory...
PACKET TIDE ExpressionEngine Code Injection Vulnerability
Packet Tide ExpressionEngine is an open source content management system (CMS) from Packet Tide, Inc. A code injection vulnerability exists in ExpressionEngine versions prior to 5.4.2 and 6.0.3, which allows certain authenticated users to inject PHP code...
ExpressionEngine 6.0.2 PHP Code Injection
---------------------------------------------------------------------------- ExpressionEngine security-sanitizefilename$file; 366. 367. $destdir = $this-languagesdir . $language . '/'; 368. $filename = $file . 'lang.php'; 369. $destloc = $destdir . $filename; 370. 371. $str = 'lang-loadfile$file;...
ExpressionEngine: Comment/channel unsubscribe GET CSRF
A vulnerability was identified and fixed that could have allowed attackers to unsubscribe users from comment notifications by exploiting the lack of CSRF protection...