6 matches found
Malicious Visual Studio Code Extensions Hide Trojan in Fake PNG Files
VS Code developers beware: ReversingLabs found 19 malicious extensions hiding trojans inside a popular dependency, disguising the final malware payload as a standard PNG image file...
SourceCodester Web-based Pharmacy Product Management System 代码问题漏洞
SourceCodester Web-based Pharmacy Product Management System is a SourceCodester open source web-based pharmacy product management system. A security vulnerability exists in SourceCodester Web-based Pharmacy Product Management System v.1.0, which originates in the file upload functionality and cou...
CVE-2025-45997
CVE-2025-45997 affects Sourcecodester Web-based Pharmacy Product Management System v1.0. The issue is in the file upload feature: an attacker can upload a PHP file disguised as an image by tampering the Content-Type header to image/jpg, potentially enabling remote code execution on the server. Th...
Statamic Security Breach
Statamic is a powerful flat file Cms built on Laravel by Statamic USA. used to store all content, templates, assets and settings in files instead of a database. A security vulnerability exists in Statamic that stems from the possibility of uploading certain additional PHP files that look like...
CVE-2023-47129
Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This...
Input validation
Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files...