EUVD-2006-4464

Malware in sbrugna...

Improper Access Control

silverstripe/framework is vulnerable to Improper Access Control. The vulnerability is due to a weakness in the .htaccess rules preventing requests to uploaded PHP scripts, which allows PHP scripts in the assets directory to be executed via a specially crafted URL...

silverstripe/framework uploaded PHP script execution in assets

A weakness in the .htaccess rules preventing requests to uploaded PHP scripts allows PHP scripts that had made their way into the assets directory to be successfully executed through the use of a specially crafted URL. There are protections in place to disallow upload of PHP scripts through the...

GHSA-F43J-8HQ4-2XJ9 silverstripe/framework uploaded PHP script execution in assets

A weakness in the .htaccess rules preventing requests to uploaded PHP scripts allows PHP scripts that had made their way into the assets directory to be successfully executed through the use of a specially crafted URL. There are protections in place to disallow upload of PHP scripts through the...

PT-2023-32670 · WordPress · Contact Form 7

Name of the Vulnerable Software and Affected Versions: Contact Form 7 versions up to, and including, 5.8.3 Description: The issue arises from insufficient file type validation in the validate function and insufficient blocklisting on the wpcf7 antiscript file name function. This allows...

Monospace Directus Headless CMS File Upload / Rule Bypass Vulnerabilities

======================================================================= title: Arbitrary File Upload and Bypassing .htaccess Rules product: Monospace Directus Headless CMS vulnerable version: v8.8.2 fixed version: v8.8.2, v9 is not affected because of different architecture CVE number:...