41 matches found
Chamilo import.php file OS command injection vulnerability
Chamilo is an open-source learning management system from Chamilo. The Chamilo import.php file contains an operating system command injection vulnerability. The vulnerability stems from the POST to_main_database parameter of /plugin/vchamilo/views/import.php, which fails to correctly filter constructive commands special...
CVE-2025-50193
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30...
CVE-2025-50198 Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue has been patched in version 1.11.30...
CVE-2025-50193 Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database parameter
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30...
CVE-2025-50193
CVE-2025-50193 affects Chamilo LMS prior to version 1.11.30. The vulnerability is an OS command injection in the file /plugin/vchamilo/views/import.php triggered by the POST parameter to_main_database, potentially enabling a remote attacker to execute arbitrary commands (and, per PT-2025-37308, ...
EUVD-2025-208162
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30...
Chamilo operating system command injection vulnerability
Chamilo is an open-source learning management system from Chamilo. The Chamilo import.php file contains an operating system command injection vulnerability. The vulnerability stems from the POST to_main_database parameter of /plugin/vchamilo/views/import.php, which fails to correctly filter constructive commands special...
CVE-2026-0649
A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipulation of the argument companylogo leads to server-side request forgery. It is possible to initiat...
Invoice Ninja code issue vulnerability
Invoice Ninja is a free invoicing software from Invoice Ninja USA. A code issue vulnerability exists in Invoice Ninja version 5.12.38 and earlier, which stems from the incorrect manipulation of the parameter companylogo in the file /app/Jobs/Util/Import.php of the component Migration Import, whic...
EUVD-2013-1775
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2014-1879
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a...
CVE-2025-1320 teachPress <= 9.0.9 - Cross-Site Request Forgery to Import Delete
The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php page. This makes it possible for unauthenticated attackers to delete imports via a forged request...
PT-2025-12767 · WordPress · Teachpress
Name of the Vulnerable Software and Affected Versions: teachPress plugin for WordPress versions up to, and including, 9.0.9. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the "import.php" page. This allows unauthenticated attackers ...
GHSA-X962-W72P-MV7Q phpMyAdmin Global variables scope injection vulnerability
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request...
phpMyAdmin Global variables scope injection vulnerability
import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request...
WordPress ultimate-faqs plugin HTML content injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ultimate-faqs is a FAQ plugin used in it. An HTML content injection vulnerability exists in the Functions/EWDUFAQImport.php file in...
PlaySMS import.php Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS import.php Authenticated CSV File Upload Code Execution', 'Description' = %q This module exploits an authenticated file upload remote cod...
PlaySMS 1.4 'import.php' Remote Code Execution
Description: Code Execution using import.php. We know import.php accepts a file and just reads the content; it is not stored on the server. But when we store a payload in our backdoor.csv and upload it to the phonebook, it executes our payload and shows it on the next page in the fields NAME, MOBILE, Email, Group Code, Tags accordingly. ...
CVE-2017-9101
import.php aka the Phonebook import feature in PlaySMS 1.4 allows remote code execution via vectors involving the User-Agent HTTP header and PHP code in the name of a file...