93 matches found
CVE-2025-30595 WordPress include-file plugin <= 1 Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tstafford include-file include-file allows Stored XSS. This issue affects include-file: from n/a through <= 1...
WordPress include-file plugin <= 1 Cross Site Scripting (XSS) Vulnerability
WordPress include-file plugin <= 1 Cross Site Scripting (XSS) Vulnerability discovered by timomangcut in WordPress Plugin include-file versions <= 1...
WordPress plugin include-file cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
WordPress plugin Review Schema security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-0945
A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotel...
UBUNTU-CVE-2023-49084
Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the...
GHSA-JH85-WWV9-24HV Any file can be included with the pymdown-snippets extension
Summary Arbitrary file read when using include file syntax. Details By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to...
CVE-2023-32309 Arbitrary file inclusion with the pymdown-snippets extension
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8--"/etc/passwd" or --8--"/proc/self/environ" the content of these files will be rendered in the...
Unrestricted file upload
File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inclib/general.inc.php...
CVE-2022-46101
AyaCMS v3.1.2 was found to have a code flaw in the ustsql.inc.php file, which allows attackers to cause command execution by inserting malicious code...
baijiacms OS command injection vulnerability
baijiacms is a content management system (CMS) for e-commerce. A security vulnerability exists in the baijiacms version, which stems from a Remote Code Execution (RCE) vulnerability in includes/baijiacms/common.inc.php. No details of the vulnerability are available at this time...
PHP Code Injection by malicious block or filename in Smarty
Impact Template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors should update asap. Patches Please upgrade to the most recent version of Smarty v3 or v4. Workarounds Is there a way for users to fix or remediate t...
UBUNTU-CVE-2022-29221
Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors shou...
PHP Code Injection by malicious block or filename
Impact Template authors could inject php code by choosing a malicious block name or include file name. Sites that cannot fully trust template authors should update asap. Patches Please upgrade to the most recent version of Smarty v3 or v4. Workarounds Is there a way for users to fix or remediate t...
PT-2022-3224 · Smarty +2
Name of the Vulnerable Software and Affected Versions: Smarty versions prior to 3.1.45 Smarty versions 4.0.0 through 4.1.0 Description: The issue is related to incorrect code generation management in the PHP Smarty template engine, allowing a remote attacker to execute arbitrary PHP code. Templat...
ImpressCMS SQL injection vulnerability
ImpressCMS is a MySQL-based, modular content management system (CMS). The system includes modules for press releases, forums, and photo albums. ImpressCMS is vulnerable to a SQL injection vulnerability that stems from insufficient cleaning of user data passed in the groupps parameter of the...
SEMCMS access control error vulnerability
SEMCMS is a foreign trade web content management system (CMS) that supports multiple languages. SEMCMS is vulnerable to an access control error that originates from a vulnerability in /include/webcheck.php, which can be exploited to reset the password of the administrator account...
Exploit for CVE-2020-1938
CVE-2020-1938 Tomcat-fileinclude and filered Exploita...
CVE-2019-10647
ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source parameter because of a lack of inc/zzzfile.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if th...
Wireless Repeater BE126 - Local File Inclusion
Exploit Title: WIFI Repeater BE126 – Local File Inclusion Date Publish: 23/08/2017 Exploit Authors: Hay Mizrachi, Omer Kaspi Vendor Homepage: http://www.twsz.com Category: Webapps Version: 1.0 Tested on: Windows/Ubuntu 16.04 CVE: CVE-2017-8770 1 -...