23 matches found
CVE-2026-39337 ChurchCRM Affected by Unauthenticated RCE in Install Wizard
ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard allows unauthenticated attackers to inject arbitrary PHP code during the initial installation process, leading to complete server...
CVE-2025-62521
Summary: CVE-2025-62521 affects ChurchCRM before 5.21.0. A pre-authentication RCE exists in the setup wizard due to unsanitized user input in setup/routes/setup.php, which is directly concatenated into a PHP configuration template and written to Include/Config.php, then executed on every page loa...
EUVD-2008-7060
Malware in sbrugna...
How to avoid potentially unwanted programs
If you've ever downloaded software onto your computer, chances are you've unknowingly cluttered your machine with PUPs. Here's what you need to know about these sneaky programs. What are PUPs? If you're thinking baskets of doe-eyed baby dogs, then you're sadly mistaken. PUPs is the acronym for...
WP Security Audit Log < 4.0.2 - Broken Access Control in First-Time Install Wizard
Broken access control vulnerability affecting version 4.0.1 and below that could lead to privilege escalation, sensitive data exposure and insecure deserialisation. To exploit the vulnerability, the wizard must not have been completed, otherwise it won’t work...
Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection
Exploit for php platform in category web applications + Credits: John Page HYP3RLINX Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1 update LEPTON is an easy-to-use but full customizable Content Management System CMS. Vulnerability...
Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection
Lepton CMS 2.2.0 / 2.2.1 - PHP Code Injection + Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product:...
Lepton CMS 2.2.0/2.2.1 - PHP Code Injection
Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1 update LEPTON...
Lepton CMS 2.2.0 / 2.2.1 PHP Code Injection
Credits: John Page HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.lepton-cms.org Product: ================================= Lepton CMS 2.2.0 / 2.2.1 update LEPTON...
How to Migrate Veeam ONE Deployment
Purpose This article documents the procedure for migrating Veeam ONE to a different machine. This can be useful if: The machine where Veeam ONE is currently installed runs an OS that is no longer supported by the version of Veeam ONE you plan to upgrade to. Your existing Veeam ONE deployment shar...
CRE Loaded version => 6.2 (install.php) Vulnerability
Exploit for php platform in category web applications ===================================================== CRE Loaded version = 6.2 install.php Vulnerability ===================================================== +: Date: 2010-09-13 +: Author: CTRL +: Software Link: http://creloaded.org/ +:...
DotNetNuke 4.0 <= 5.1.4 Information Disclosure Vulnerability
DotNetNuke is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2009-4109
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information...
Information disclosure
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information...
CVE-2009-4109
Affected software: DotNetNuke 4.0 through 5.1.4. Vulnerability: The install wizard does not prevent anonymous users from accessing upgrade-determination functionality, allowing remote attackers to access version information and possibly other sensitive data. Root cause / mechanism: Information di...
CVE-2008-7101
Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 allows remote attackers to obtain sensitive information (portal number) by accessing the install wizard page via unknown vectors...