CVE-2018-16238

An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file...

CVE-2007-2148

Direct static code injection vulnerability in admin/save.php in Stephen Craton aka WiredPHP Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...

CVE-2007-2148

Direct static code injection vulnerability in admin/save.php in Stephen Craton aka WiredPHP Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...

Chatness 2.5.3 (options.php/save.php) Remote Code Execution Exploit

No description provided by source. ?/ Files: options.php, save.php Affects: Chatness = 2.5.3 Date: 12th April 2007 Issue Description: =========================================================================== Chatness suffers with two main vulnerabilities, the first of these in /admin/options.ph...