14 matches found
CVE-2026-46394
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them via proc_open. An...
CVE-2025-13597
CVE-2025-13597 affects the WordPress AI Feeds plugin up to version 1.0.11. The flaw is an unauthenticated arbitrary file upload due to a missing capability check in the actualizador_git.php module, enabling attackers to download GitHub repositories and overwrite plugin files on the server, with r...
CVE-2025-13595 CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the 'actualizadorgit.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite...
Exploit for CVE-2025-13595
CIBELES AI extractTo$extractDir; $rootInsideZip = $extrac...
EUVD-2022-1613
Malicious code in bioql PyPI...
Command injection in czproject/git-php
The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...
GHSA-3XPW-VHMV-CW7H Command injection in czproject/git-php
The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...
CVE-2022-25866
The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...
CVE-2022-25866
The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...
Command injection
The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...
CVE-2022-25866 Command Injection
The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...
CVE-2022-25866
CVE-2022-25866 affects the PHP Git library czproject/git-php prior to 4.0.3. The vulnerability lies in isRemoteUrlReadable($url, array $refs = NULL), where url and refs are passed to git ls-remote in a way that allows extra flags to be injected, enabling command execution. Documented impact is co...
CVE-2022-25866
The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...
Git-PHP Parameter Injection Vulnerability
Git-PHP is a library for using Git repositories in PHP. A parameter injection vulnerability exists in czproject/git-php versions prior to 4.0.3, which stems from vulnerability to command injection via git parameter injection...