15 matches found
CVE-2025-13380
The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...
CVE-2025-13380 AI Engine for WordPress: ChatGPT, GPT Content Generator <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read
The AI Engine for WordPress: ChatGPT, GPT Content Generator plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1. This is due to insufficient validation of user-supplied file paths in the 'lqdaiupdatepost' AJAX endpoint and the use of filegetconten...
CVE-2023-42426
Cross-site scripting XSS vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component...
Cross site scripting
Cross-site scripting XSS vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component...
Froala Editor Cross-Site Scripting Vulnerability
Froala Editor is a powerful JavaScript rich text editor for individual developers. A cross-site scripting vulnerability exists in Froala Editor v.4.1.1. A remote attacker can exploit this vulnerability to execute arbitrary code via the "Insert link" parameter in the "Insert Image" component...
PT-2023-28334 · Froala · Froala Editor
Name of the Vulnerable Software and Affected Versions: Froala Editor version 4.1.1 Description: A cross-site scripting XSS issue allows remote attackers to execute arbitrary code via the Insert link parameter in the Insert Image component. This enables attackers to inject malicious code,...
openWYSIWYG Insert Image 1.4.7 Arbitrary File Upload Vulnerability
openWYSIWYG Insert Image version 1.4.7 suffers from a remote arbitrary unauthenticated file upload vulnerability Exploit Title: openWYSIWYG | Insert Image v1.4.7 / Unauthenticated File Upload Date: 2017-1-15 Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM Home :...
Shopify: SSRF via 'Insert Image' feature of Products/Collections/Frontpage
Hi Security team, I would like to report an another SSRF issue like my previous bug 67377 https://hackerone.com/reports/67377. The description, threats, risks, exploatations are the same. The base request is the following POST /admin/settings/files.json HTTP/1.1 Host: test-4925.myshopify.com...
eggBlog 4.1.2 - Arbitrary File Upload Vulnerability
No description provided by source. Exploit Title: eggBlog Arbitrary File Upload Vulnerability Google Dork:powered by eggBlog.net Date: 28/04/2013 Exploit Author: Pokk3rs Vendor Homepage: http://eggblog.net/ Software Link: http://sourceforge.net/projects/eggblog/files/eggBlog%204/v4.1.2/ Tested on...
Drupal Htmlarea 4.7.x-1.x Shell Upload
. \ \ | | | / | \ | | / | \ \ / | |/ / / / \ | | \ |/ \ | | / /\ | \ | /\ / / / / / /// .ORG + Info================================================================= Title: Drupal Htmlarea Modules 4.7.x-1.x / Arbitary File Upload Vulnerabilities Author: Net.Edit0r Contact:...
EggBlog 4.1.2 - Arbitrary File Upload
EggBlog 4.1.2 - Arbitrary File Upload Exploit Title: eggBlog Arbitrary File Upload Vulnerability Google Dork:"powered by eggBlog.net" Date: 28/04/2013 Exploit Author: Pokk3rs Vendor Homepage: http://eggblog.net/ Software Link: http://sourceforge.net/projects/eggblog/files/eggBlog%204/v4.1.2/ Test...
openwysiwyg Remote File Upload Vulnerability
Exploit for php platform in category web applications db 88 d88b "" d8'8b d8' 8b ,adPPYba, ,adPPYba, ,adPPYba, 88 8b,dPPYba, ,adPPYba, d8YaaaaY8b I8 "" a8P88 I8 "" 88 88P' "8a a8" "8a d8""""""""8b "Y8ba, 8PP""""""" "Y8ba, 88 88 88 8b d8 d8' 8b aa 8I "8b, ,aa aa 8I 88 88 88 "8a, ,a8" d8' 8b "YbbdP...
XSS vulnerabilities in insert image and link actions
In 2.7.x, the following URL's are vulnerable: - /users/insertlink.action - /users/insertlink-page-attachmentstab.action - /users/insertlink-page-uploadfile.action - /users/insertlink-draft-attachmentstab.action - /users/insertlink-draft-uploadfile.action - /users/doinsertimageinpage.action -...
XSS vulnerabilities in insert image and link actions
In 2.7.x, the following URL's are vulnerable: - /users/insertlink.action - /users/insertlink-page-attachmentstab.action - /users/insertlink-page-uploadfile.action - /users/insertlink-draft-attachmentstab.action - /users/insertlink-draft-uploadfile.action - /users/doinsertimageinpage.action -...
PT-2005-4742 · Sapid · Sapid Cms
Name of the Vulnerable Software and Affected Versions: SAPID CMS versions prior to 1.2.3.03 Description: The issue allows remote attackers to bypass authentication by making direct requests to certain files, including insert file.php, insert image.php, insert link.php, insert qcfile.php, and...