32 matches found
ionCube Tester Plus <= 1.3 - Local File Inclusion
The ionCube Tester Plus plugin for WordPress versions = 1.3 is vulnerable to unauthenticated arbitrary file read via path traversal. The 'ininame' parameter in loader-wizard.php is not properly sanitized, allowing attackers to read sensitive files such as wp-config.php and /etc/passwd without...
CVE-2025-69411
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through = 1.3...
EUVD-2025-208309
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through = 1.3...
CVE-2025-69411
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through = 1.3...
CVE-2025-69411
CVE-2025-69411 pertains to the ionCube tester plus WordPress plugin (ioncube-tester-plus) and is an authenticated? no—unauthenticated arbitrary file download via path traversal. The Nuclei template confirms Local File Inclusion/Arbitrary File Read via the loader-wizard.php parameter 'ininame' in ...
CVE-2025-69411 WordPress ionCube tester plus plugin <= 1.3 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through = 1.3...
CVE-2025-69411 WordPress ionCube tester plus plugin <= 1.3 - Arbitrary File Download vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ionCube tester plus: from n/a through = 1.3...
WordPress plugin ionCube tester plus 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
PT-2026-23148
Name of the Vulnerable Software and Affected Versions ionCube tester plus versions through 1.3 Description The software contains a flaw related to improper limitation of a pathname to a restricted directory, also known as Path Traversal. This allows an attacker to potentially access files and...
WordPress ionCube tester plus plugin <= 1.3 - Arbitrary File Download vulnerability
Arbitrary File Download vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin ionCube tester plus versions = 1.3...
📄 ionCube Loader Wizard 14.4.0 Scanner
ionCube Loader Wizard version 2.34 scanner that look for the installation file and displays PHP info to gather more information about the target. ============================================================================================================================================= | Title :...
EUVD-2007-5423
Malware in sbrugna...
ioncube.com Cross Site Scripting vulnerability OBB-4037243
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ioncube.com Cross Site Scripting vulnerability OBB-4034537
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
AgentTesla Builder Web Panel SQL Injection Vulnerability
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7B.txt Contact: email protected Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: SQL Injection Description: The AgentTeslaBuilder WebUI uses...
AgentTesla Builder Web Panel Cross Site Scripting Vulnerability
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7.txt Contact: email protected Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: Cross Site Scripting XSS Description: AgentTeslaBuilder WebU...
CVE-2020-15612 — CentOS Web Panel Authentication Bypass/RCE
This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxftpmanager.php. When parsing the userLogin parameter, the process...
WordPress Users Warned of Malware Masquerading as ionCube Files
Security researchers are warning WordPress and Joomla admins of a sneaky new malware strain masquerading as legitimate ionCube files. The malware, dubbed ionCube Malware, is used by cybercriminals to create backdoors on vulnerable websites allowing them to steal data or plant more malware. In the...
ionCube loader-wizard.php Remote Information Disclosure
The ionCube 'loader-wizard.php' script hosted on the remote web server is affected by a remote information disclosure vulnerability because the script fails to properly sanitize user-supplied input to the 'ininame' parameter. An attacker could potentially leverage this to view arbitrary files by...
ionCube loader-wizard.php Accessible
ionCube, an encoding and PHP file security tool written in PHP, is running on the remote host. The 'loader-wizard.php' script that contains setup and configuration assistance and provides access to sensitive information about the web server is accessible to remote, unauthenticated users...