CVE-2025-1771
The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.8 via the 'hotelaloneloadmorepost' function 'style' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...
PT-2023-12761 · Audiocodes · Audiocodes Device Manager Express
Name of the Vulnerable Software and Affected Versions: AudioCodes Device Manager Express versions through 7.8.20002.47752
Description: An issue allows remote code execution via directory traversal in the dir parameter of the file upload functionality of "BrowseFiles.php". An attacker can upload a...
CVE-2022-31628 phar wrapper can occur dos when using quine gzip file
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...
CVE-2022-31085 Missing Encryption of Sensitive Data in ldap-account-manager
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by...
PT-2022-20764 · Unknown · Librehealth Ehr Base
Name of the Vulnerable Software and Affected Versions: LibreHealth EHR Base version 2.0.0
Description: The issue allows for incorrect access to the interface/super/manage site files.php. The estimated number of potentially affected devices worldwide is not available. There is no information about...
Bolt Arbitrary PHP Code Execution Vulnerability
Bolt is a simple CMS written in PHP. An arbitrary PHP code execution vulnerability exists in Controller/Async/FilesystemManager.php in filemanager in versions prior to Bolt 3.6.5. A remote attacker can execute arbitrary PHP code by renaming a previously uploaded file to have a .php extension...