74 matches found
CVE-2018-25324
Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wpabspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wpabspath values to...
CVE-2018-25324 Simple Fields 0.2-0.3.5 Local File Inclusion via wp_abspath
Simple Fields 0.2 through 0.3.5 WordPress Plugin contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by injecting null bytes into the wpabspath parameter on PHP versions before 5.3.4. Attackers can supply malicious wpabspath values to...
CVE-2018-25324
The CVE-2018-25324 entry concerns the WordPress plugin Simple Fields versions 0.2–0.3.5, which contains a local file inclusion (LFI) flaw via the wp_abspath parameter. Unauthenticated attackers can read arbitrary files (e.g., /etc/passwd) by injecting null bytes into wp_abspath on PHP versions be...
EUVD-2019-20107
Pegasus CMS 1.0 contains a remote code execution vulnerability in the extrafields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the acti...
CVE-2019-25687 Pegasus CMS 1.0 Remote Code Execution via extra_fields.php
Pegasus CMS 1.0 contains a remote code execution vulnerability in the extrafields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the acti...
CVE-2019-25687 Pegasus CMS 1.0 Remote Code Execution via extra_fields.php
Pegasus CMS 1.0 contains a remote code execution vulnerability in the extrafields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the acti...
CVE-2019-25687
Pegasus CMS 1.0 contains a remote code execution vulnerability in the extrafields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the acti...
PT-2026-30495
Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the...
CVE-2026-23489
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
CVE-2026-23489
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
CVE-2026-23489
CVE-2026-23489 affects the GLPI plugin Fields . Prior to version 1.23.3, it allows arbitrary PHP code execution by users who can create dropdowns, via the dropdown generation process. The issue has been fixed in version 1.23.3 . Exploitation details are not provided in the available documents; no...
CVE-2026-23489 Fields GLPI plugin vulnerable to RCE in dropdown generation
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
EUVD-2026-12456
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
CVE-2026-23489 Fields GLPI plugin vulnerable to RCE in dropdown generation
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
PT-2026-25776
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...
CVE-2017-18610
The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWPCreateCustomFieldPage.php custom-group-id parameter...
CVE-2017-18609
The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter...
CVE-2013-7476
The simple-fields plugin before 1.2 for WordPress has CSRF in the admin interface...
CVE-2019-12723
An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via containerid and oldorder parameters to ajax/reorder.php by an unauthenticated user...
CVE-2025-64114
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - 151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities require the Custom...