2 matches found
CVE-2026-34234 CtrlPanel: Unauthenticated RCE using installer script
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution RCE because it performs the install.lock check only after including and executing form handler...
CVE-2026-28556
Affected software: wpForo Forum 2.4.14. Vulnerability: missing authorization that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form handlers. Requires a valid form nonce; attackers can reorganize arbitrary forum content...