4 matches found
Payload CMS code issue vulnerability
Payload CMS is an open-source content management system developed by Payload. Versions of Payload CMS prior to 3.75.0 contained code vulnerabilities. These vulnerabilities stemmed from insufficient validation of HTTP redirection during the external file upload function, which could lead to...
Remote Code Execution (RCE)
concrete5/concrete5 is vulnerable to remote code execution. An attacker is able to inject and execute malicious code via the external file upload feature because the library stages files in the public directory even when they have disallowed file extensions...
Improper file handling in concrete5/core
A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature stages files in the public directory even if they have disallowed file extensions. They are stored ...
CVE-2015-3181
files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restriction...