31 matches found
EUVD-2016-2009
Malware in sbrugna...
CVE-2025-10251
A vulnerability was detected in FoxCMS up to 1.24. Affected by this issue is the function batchCope of the file /app/admin/controller/Images.php. The manipulation of the argument ids results in SQL injection. It is possible to launch the attack remotely. The exploit is now public and may be used...
CVE-2021-25856
An issue was discovered in pcmt superMicro-CMS version 3.11 that allows attackers to delete files via a crafted image file in images.php...
Code injection
An issue was discovered in pcmt superMicro-CMS version 3.11 that allows attackers to delete files via a crafted image file in images.php...
superMicro CMS Security Vulnerability
superMicro CMS is a website builder by Patrick Taylor, an individual developer. A security vulnerability exists in superMicro CMS version 3.11, which originates from an arbitrary file deletion vulnerability in the file images.php. The vulnerability can be exploited by an attacker to delete...
PT-2023-12080 · Supermicro · Pcmt Supermicro-Cms
Name of the Vulnerable Software and Affected Versions: pcmt superMicro-CMS version 3.11 Description: An issue was discovered that allows attackers to delete files via a crafted image file in the images.php file. Recommendations: For pcmt superMicro-CMS version 3.11, consider restricting access to...
WordPress Plugin Contest Gallery SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Bludit 3.9.2 remote code execution
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname. Recent assessments: wchen-r7 at October 24, 2019 4:38am UTC reported: CVE-2019-16113 Bludit...
CVE-2019-1010062
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line 36. The attack vector is: modify the MIME TYPE on HTTP request to upload a php file. The fixed version is: after commit...
WordPress mobile-app-builder-by-wappress arbitrary file upload vulnerability
WordPress mobile-app-builder-by-wappress is a mobile app development plugin for WordPress. An arbitrary file upload vulnerability exists in WordPress mobile-app-builder-by-wappress version 1.05, which originates from . The vulnerability stems from code in the...
FineCMS 1.0 Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: FineCMS 1.0 Multiple Vulnerabilities Dork: N/A Date: 29.08.2017 Vendor Homepage : http://mvc.net.pl/ Software Link: https://github.com/andrzuk/FineCMS Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...
FineCMS multi vulnerability
Reflected XSS in getimage.php Technical Description: file /application/lib/ajax/getimage.php the $_POST['id'] and $_POST['name'] and $_GET['folder'] without any validated, sanitised or output encoded. Proof of Concept (PoC) http://yourfinecms/application/lib/ajax/getimage.php?folder=1 POST: id=1"alert1&name=...
CVE-2013-5962
The CVE-2013-5962 entry relates to the WordPress plugin Complete Gallery Manager (before 3.3.4 rev40279). Affected component: frames/upload-images.php which permits an unrestricted file upload. Root cause: uploading a file with an executable extension allows remote attackers to access the uploade...
CVE-2012-5450
Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deld parameter...
CVE-2010-3418
Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) carid parameter to index.php and (2) y parameter to include/images.php...
CVE-2009-4252
CVE-2009-4252 is an XSS vulnerability in the Clixint DPI Image Hosting Script DPI 1.1 Final (1.1F). The issue affects images.php and allows remote attackers to inject arbitrary web script or HTML via the date parameter. Several connected sources corroborate this: OpenVAS NASL entries describe a p...
LoveCMS 1.6.2 Final Arbitrary File Delete Vulnerability
Exploit for unknown platform in category web applications. LoveCMS 1.6.2 Final Arbitrary File Delete Vulnerability...
Sql injection
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) navid parameter in an editrecord action to admin/cms/nav.php...