CVE-2026-44239

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...

CVE-2026-44239 FreePBX: Authenticated Local File Inclusion in Dashboard Module

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...

PT-2026-44844

FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $ REQUEST'rawname' parameter is concatenated into an include call with a .class.php suffix, allowing path...

FreePBX 安全漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI graphical web-based interface. Versions of FreePBX prior to 16.0.22 and 17.0.5 contained security vulnerabilities. These vulnerabilities stemmed from the getcontent AJAX...

PT-2026-21560

Name of the Vulnerable Software and Affected Versions erzhongxmu JEEWMS versions up to 3.7 Description A flaw exists in erzhongxmu JEEWMS, specifically within the UEditor component, affecting the file src/main/webapp/plug-in/ueditor/jsp/getContent.jsp. The myEditor argument can be manipulated to...

WordPress plugin Tumult Hype Animations 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-16357 · Tumult · Tumult Hype Animations

Name of the Vulnerable Software and Affected Versions: Tumult Hype Animations plugin for WordPress versions up to, and including, 1.9.14 Description: The issue is related to unauthorized access of data due to a missing capability check on the hypeanimations getcontent function. This allows...

Cross-site Scripting (XSS)

TinyMCE is vulnerable to Cross-site Scripting XSS. The vulnerability occurs when an HTML snippet is restored from the undo stack. In this situation, a combination of string manipulation and reparative parsing by the browser's native DomParser API results in malicious mutations to the HTML. This, ...

CVE-2023-45818 Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin

TinyMCE is an open source rich text editor. A mutation cross-site scripting mXSS vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions before...

GHSA-CP2P-6XH4-JMCP nterchange Code Injection vulnerability

A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/codecallercontroller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code injection. The exploit has...

nterchange Code Injection vulnerability

A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/codecallercontroller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code injection. The exploit has...

CVE-2015-10009

A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/codecallercontroller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code injection. The exploit has...

Code injection

A vulnerability was found in nterchange up to 4.1.0. It has been rated as critical. This issue affects the function getContent of the file app/controllers/codecallercontroller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code injection. The exploit has...

CVE-2015-10009

CVE-2015-10009 affects nterchange up to version 4.1.0. The vulnerability targets the getContent function in app/controllers/code_caller_controller.php, where input for the parameter q can be manipulated (example: %5C%27%29;phpinfo%28%29;/*) to achieve code injection. The exploit has been publicly...

PT-2023-10188 · Unknown · Interchange

Name of the Vulnerable Software and Affected Versions: nterchange versions up to 4.1.0 Description: A critical issue affects the function getContent of the file app/controllers/code caller controller.php. The manipulation of the argument q with the input %5C%27%29;phpinfo%28%29;/ leads to code...

PHP 5.6.x < 5.6.18 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.18. It is, therefore, affected by multiple vulnerabilities : - The Perl-Compatible Regular Expressions PCRE library is affected by multiple vulnerabilities related to the handling of regular...

wget2: Heap-buffer-overflow in getContent

Project: https://gitlab.com/gnuwget/wget2.git Detailed report: https://oss-fuzz.com/testcase?key=5103826937839616 Project: wget2 Fuzzer: aflwget2libwgetmetalinkparsefuzzer Fuzz target binary: libwgetmetalinkparsefuzzer Job Type: aflasanwget2 Platform Id: linux Crash Type: Heap-buffer-overflow REA...

PHP 'ext/phar/phar_object. c' heap overflow vulnerability, CVE-2016-4342）

Parse . tar/. zip/. phar file, the stack boundary condition control is not strict, leading to possible heap overflow. Create a new empty file"aaaa"0 byte, packaged into a "aaaa. tar"file is not compressed before the aaaa file size is 0 it. By PharFileInfo object getContent method to get the aaaa...

CVE-2012-6522

Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. dot dot in the p parameter. NOTE: some of these details are obtained from third party information...