4 matches found
VulnCheck KEV: CVE-2026-27760
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...
CVE-2026-27760
OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define string...
PT-2026-35727
Name of the Vulnerable Software and Affected Versions OpenCATS versions prior to commit 3002a29 Description An unauthenticated PHP code injection issue exists in the installer AJAX endpoint. This allows attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity...
CVE-2013-5696
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery CSRF attacks, and 1 perform a SQL injection via an Etape4 action or 2 execute arbitrary PHP...