10 matches found
CVE-2023-47621
Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fix...
Remote Code Execution (RCE)
guest-entries is vulnerable to Remote Code Execution RCE. The vulnerability is due to the uploadFile function in GuestEntryController.php, as there are no checks for the file type being uploaded. This allows attackers to upload and potentially execute malicious PHP files...
GHSA-RW82-MHMX-GRMJ Guest Entries Remote code execution via file uploads
Impact When using the file uploads feature, it was possible to upload PHP files. Patches The vulnerability is fixed in v3.1.2...
CVE-2023-47621
Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fix...
Design/Logic Flaw
Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fix...
CVE-2023-47621 Remote code execution via file uploads in guest-entries
Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fix...
CVE-2023-47621
CVE-2023-47621 affects the Guest Entries PHP library. In affected versions, the file uploads feature does not validate uploaded content, allowing authenticated users to upload PHP files that may lead to remote code execution on the server. The issue is explicitly fixed in version 3.1.2; upgrading...
CVE-2023-47621 Remote code execution via file uploads in guest-entries
Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fix...
Guest Entries Security Breach
Guest Entries is a web tool for website management. A security vulnerability exists in Guest Entries versions prior to 3.1.2, which stems from a file upload vulnerability. An attacker can exploit this vulnerability to execute code on the server...
PT-2023-30518 · Unknown · Guest Entries
Name of the Vulnerable Software and Affected Versions: Guest Entries versions prior to 3.1.2 Description: The file uploads feature in Guest Entries did not prevent the upload of PHP files, which may lead to code execution on the server by authenticated users. Recommendations: For versions prior t...