Arbitrary File Upload
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Arbitrary File Upload via the installthemefromtmp process. An attacker can execute arbitrary PHP code on the server by uploading a specially crafted ZIP file containing...
CVE-2026-27741
Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can...
Bludit Cross-Site Request Forgery Vulnerability
Bludit is an open-source, lightweight blog content management system developed by Bludit. Version 3.16.1 of Bludit contains a cross-site request forgery vulnerability. This vulnerability stems from the lack of anti-CSRF tokens on the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints,...
CVE-2025-60731
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function...
CVE-2025-60731
PerfreeBlog v4.0.11 is affected by a File Upload vulnerability in the installTheme function. The CVE-2025-60731 entry indicates a network-based, high-severity issue (CVSS 3.1: 7.6, Impact: Confidentiality High, Availability Low, Integrity Low) that can be triggered without user interaction, with ...
PT-2024-21946 · Wondercms · Wondercms
Name of the Vulnerable Software and Affected Versions: WonderCMS version 3.1.3 Description: A Server-Side Request Forgery (SSRF) issue in the installUpdateThemePluginAction function allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the...
The vulnerability of the CMS system Pixelimity lies in the lack of measures to cleanse input data, allowing attackers to execute arbitrary code.
The vulnerability of the CMS system Pixelimity is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through admin/admin-ajax.php?action=installtheme remotely...
CVE-2022-28590
A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=installtheme...
Pixelimity Security Vulnerability
Pixelimity is a PHP-based open source CMS (Content Management System). A security vulnerability exists in Pixelimity version 1.0, which stems from a Remote Code Execution (RCE) vulnerability in admin/admin-ajax.php?action=installtheme...