Squiz Matrix CMS 5.5.x.x Code Execution / Information Disclosure Vulnerabilities

Exploit for php platform in category web applications Introduction ============ ZX Security identified several vulnerabilities the Squiz Matrix CMS that can be chained together to gain pre-authenticated remote code execution in some circumstances. Affected Versions ================= The issues in...

CVE-2019-14424

A Local File Inclusion LFI issue in the addon CUx-Daemon 1.11a of the eQ-3 Homematic CCU-Firmware 2.35.16 until 2.45.6 allows remote authenticated attackers to read sensitive files via a simple HTTP Request...

Mantis <= 1.1.1 LFI

LFI Vulnerability in language parameter. This exploit is dangerous. Because the LFI is done with require on a value saved in SQL, if the path is non-existent, the user account will be broken. Additionally, this value must be = 32chars MySQL vachar32 Vulnerability Type: Local File Include For the...