CVE-2022-28055

Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function...

PT-2025-2189 · WordPress · Gamipress

Name of the Vulnerable Software and Affected Versions: GamiPress – Gamification plugin to reward points, achievements, badges & ranks in WordPress versions up to, and including, 7.2.1 Description: The issue arises due to the software allowing users to execute an action that does not properly...

WordPress GamiPress plugin <= 7.2.1 - Unauthenticated Arbitrary Shortcode Execution via gamipress_ajax_get_logs Function vulnerability

Unauthenticated Arbitrary Shortcode Execution via gamipressajaxgetlogs Function vulnerability discovered by mikemyers in WordPress Plugin GamiPress versions = 7.2.1...

CVE-2023-4374

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refreshlogsasync' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

Milesight UR32L 操作系统命令注入漏洞

The Milesight UR32L is a 4G industrial router from China's Milesight. A command injection vulnerability exists in the Milesight UR32L vtyshubus getfwlogs function, which can be exploited by an attacker to execute arbitrary commands on the system...

Code injection

In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files...