14 matches found
PT-2026-41895
Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server versions 6.1 build 167 and earlier Description A race condition exists in the '/data api/dl internal artifact.php' endpoint. The application downloads object properties based on the guid parameter and saves the content i...
CVE-2026-25129
PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory CWD on startup. If an attacker can write to a directory that a victim later uses as thei...
EUVD-2022-28158
Malicious code in bioql PyPI...
CVE-2023-48965
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file...
Design/Logic Flaw
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file...
CVE-2023-48965
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file...
CVE-2023-48965
An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file...
Arbitrary File Upload
express-fileupload is vulnerable to arbitrary file upload. It does not restrict an attacker from uploading a malicious PHP file to execute arbitrary code...
Abusing Backup/Restore feature to achieve Remote Code Execution
Description Admin can use Backup modules to upload a malicious PHP file, which can lead to RCE. Proof of Concept + Log in as admin, navigate to Modules - Backup: https://demo.microweber.org/demo/admin/view:modules/loadmodule:adminbackup + Prepare a malicious PHP file, in this case info2.php +...
CVE-2019-14467
The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked...
CVE-2019-3960
Unrestricted upload of file with dangerous type in WallacePOS 1.4.3 allows a remote, authenticated attacker to execute arbitrary code by uploading a malicious PHP file...
Phishing Scam Cloaks Malware With Fake Google reCAPTCHA
A recently-discovered phishing scam was found peddling malware, using a new technique to mask its malicious landing page: A fake Google reCAPTCHA system. The campaign targeted a Polish bank and its users with emails, said researchers with Sucuri. These emails contained a link to a malicious PHP...
Centreon 2.6.x < 2.6.2 File Upload RCE
According to its version number, the Centreon application hosted on the remote web server is 2.6.x prior to 2.6.2. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of user-uploaded files via the main.php script. An authenticated, remote attacker can...
ttCMS 2.2 ttForum 1.1 - install.php?installdir Remote File Inclusion
ttCMS 2.2 ttForum 1.1 - install.php?installdir Remote File Inclusion source: https://www.securityfocus.com/bid/7542/info A remote file include vulnerability has been reported for both ttForum and ttCMS. Due to insufficient sanitization of some user-supplied variables by the 'News.php' and...