174 matches found

RedhatCVE
added 2026/01/07 9:30 a.m., 6 views

CVE-2019-16124

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code...

9.8 CVSS, 7 AI score, 0.02121 EPSS
Exploits: 1, References: 1

CNVD
added 2024/07/12 12:0 a.m., 6 views

File Upload Vulnerability in YouDianCMS (CNVD-2024-34730)

YouDianCMS is a domestic open source five-station outstanding solution. YouDianCMS has a file upload vulnerability that can be exploited by attackers to execute malicious PHP code to achieve remote code execution...

8.2 AI score
Exploits: 0

The Hacker News
added 2023/08/14 1:14 p.m., 68 views

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw (CVE-2022-24086, CVSS score: 9.8) in Adobe Commerce and Magento Open Source...

10 CVSS, 8.1 AI score, 0.93696 EPSS
Exploits: 5

Prion
added 2022/11/23 7:15 p.m., 16 views

Remote code execution

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access to the ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores...

6.5 CVSS, 8.8 AI score, 0.78389 EPSS
Exploits: 5, References: 3, Affected Software: 1

The Hacker News
added 2022/07/25 9:7 a.m., 34 views

Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants

Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. The trio of breaches has led to the theft of more than 50,000 payment card records from these infected...

0.1 AI score
Exploits: 0

OSV
added 2021/09/09 12:15 p.m., 12 views

CVE-2021-39459

Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code...

7.2 CVSS, 7.5 AI score, 0.10059 EPSS
Exploits: 1, References: 2

CNVD
added 2021/05/26 12:0 a.m., 6 views

Unspecified Vulnerability in Nagios

Nagios is a set of open source and free network monitoring tools from the American company Nagios. A security vulnerability exists in Nagios Fusion version 4.1.8 and earlier, which can be exploited by an attacker to escalate privileges to Nagios by installing a malicious component containing PHP...

9.8 CVSS, 7.1 AI score, 0.00925 EPSS
Exploits: 1, References: 1

Prion
added 2020/11/13 4:15 p.m., 12 views

Design/Logic Flaw

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when the attacker logs in to the application, the attacker's code will be run. As a result of this vulnerability, an authenticated user can run commands on the server...

6.5 CVSS, 8.7 AI score, 0.06323 EPSS
Exploits: 3, References: 2, Affected Software: 1

Prion
added 2020/01/21 2:15 p.m., 24 views

Path traversal

A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users'photoppreview' delete photo feature, allowing bypass of .htaccess protection...

6.5 CVSS, 9.2 AI score, 0.90442 EPSS
Exploits: 18, References: 5, Affected Software: 1

Prion
added 2019/09/09 2:15 a.m., 16 views

Code injection

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code...

7.5 CVSS, 9.3 AI score, 0.02121 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2019/09/09 1:2 a.m., 16 views

CVE-2019-16124

In YouPHPTube 7.4, the file install/checkConfiguration.php has no access control, which leads to everyone being able to edit the configuration file, and insert malicious PHP code...

9.5 AI score, 0.02121 EPSS
Exploits: 1, References: 3

ThreatPost
added 2019/07/26 7:13 p.m., 261 views

Rare Steganography Hack Can Compromise Fully Patched Websites

An unusual steganographic technique that an attacker can use to implant a malicious webshell on unsuspecting websites has been spotted in Latin America. According to research from Trustwave shared exclusively with Threatpost, a forensic investigation showed that an adversary is implanting PHP cod...

7.4 AI score
Exploits: 0, References: 6

Prion
added 2019/06/05 5:29 p.m., 15 views

Server side request forgery (ssrf)

An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it is possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a...

7.5 CVSS, 9.4 AI score, 0.02015 EPSS
Exploits: 0, References: 2, Affected Software: 1

UbuntuCve
added 2019/06/05 5:29 p.m., 22 views

CVE-2019-9642

An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it is possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a...

9.8 CVSS, 7.4 AI score, 0.02015 EPSS
Exploits: 0, References: 3

seebug.org
added 2014/07/01 12:0 a.m., 11 views

Gcards 1.13 Addnews.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/20461/info gcards is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this issue to have malicious PHP code execute in the context of...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

Plantilla list_main_pages.php nfolder Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/22669/info Simple Plantilla PHP is prone to multiple input-validation issues, including a local file-include vulnerability and an arbitrary file-upload vulnerability. Attackers can exploit the local file-include...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

Reporter 1.0 Mambo Component Reporter.sql.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19553/info Reporter, a Mambo component, is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include arbitrary remote files...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 18 views

MarmaraWeb E-Commerce Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15877/info E-commerce is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 22 views

I-RATER Platinum Config_settings.TPL.PHP Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17731/info I-RATER Platinum is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 37 views

Premod SubDog 2 includes/logger_engine.php phpbb_root_path Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/22912/info Premod SubDog 2 is prone to multiple remote file-include vulnerabilities. An attacker can exploit these issues to include an arbitrary remote file containing malicious PHP code and execute it in the context of...

7.1 AI score
Exploits: 0