CVE-2023-31502

Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution RCE vulnerability via the component /models/managementmodel.php...

EUVD-2023-35807

Malicious code in bioql PyPI...

CVE-2023-28343

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/settimezone timezone parameter, because of settimezone in models/managementmodel.php...

CVE-2024-10273

In lunary-ai/lunary v1.5.0, improper privilege management in the models.ts file allows users with viewer roles to modify models owned by others. The PATCH endpoint for models does not have appropriate privilege checks, enabling low-privilege users to update models they should not have access to...

CVE-2023-31502

Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution RCE vulnerability via the component /models/managementmodel.php...

CVE-2023-31502

Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution RCE vulnerability via the component /models/managementmodel.php...

Altenergy Power System Control Software 数据伪造问题漏洞

Altenergy Power System Control Software is microinverter control software from Altenergy Power System. A security vulnerability exists in Altenergy Power System Control Software version C1.2.5, which was discovered to contain a Remote Code Execution RCE vulnerability via component...

The vulnerability in the Altenergy Power Control software’s models/management_model.php script allows a perpetrator to elevate their privileges and execute arbitrary commands.

The vulnerability of Altenergy Power Control software is related to the execution of operating system commands in /settimezone. Exploiting this vulnerability allows a remote attacker to increase their privileges and execute arbitrary commands...

CVE-2020-23327

Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model...

CVE-2020-23327

Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model...

Z-BlogPHP 跨站脚本漏洞

Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. A security vulnerability exists in Z-BlogPHP version v.1.0. A local attacker exploited the vulnerability to execute arbitrary code via a specially crafted payload in the title parameter of the module management model...

PT-2023-11646 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: ZblogPHP version 1.0 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted payload in the title parameter of the module management model. Recommendations: For ZblogPHP version 1.0, avoid usi...

Command injection

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/settimezone timezone parameter, because of settimezone in models/managementmodel.php...