15 matches found
EUVD-2017-14624
Malware in sbrugna...
WordPress Plugin Access Control Error Vulnerability (CNVD-2021-101476)
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. access control error vulnerability in Wordpress...
CVE-2021-24816
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...
CVE-2021-24816
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...
Buffer overflow
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...
CVE-2021-24816 Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
The Phoenix Media Rename WordPress plugin before 3.4.4 does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own...
CVE-2021-24816
The CVE-2021-24816 entry concerns the WordPress plugin Phoenix Media Rename (versions prior to 3.4.4). The underlying issue is missing capability checks in the phoenix_media_rename AJAX action, allowing users with Author roles to rename any uploaded media files, including those they do not own. I...
WordPress 插件访问控制错误漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is a WordPress open source application plugin. access control error vulnerability in Wordpress...
Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
The plugin does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. PoC As an Author, go to the page to edit one of your own Media ie /wp-admin/post.php?post=1993=edit, whic...
Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming
The plugin does not have capability checks in its phoenixmediarename AJAX action, which could allow users with Author roles to rename any uploaded media files, including ones they do not own. As an Author, go to the page to edit one of your own Media ie /wp-admin/post.php?post=1993&action=edit,...
WordPress Phoenix Media Rename plugin <= 3.4.2 - Arbitrary Media File Renaming vulnerability
Arbitrary Media File Renaming vulnerability discovered by apple502j in WordPress Phoenix Media Rename plugin versions = 3.4.2. Solution Update the WordPress Phoenix Media Rename plugin to the latest available version at least 3.4.4...
WBCE CMS File Rename Filter Bypass Vulnerability
WBCE CMS is an open source content management system CMS based on PHP and MySQL. A security vulnerability exists in the admin/media/rename.php file in WBCE CMS 1.4.0 and earlier versions. An attacker can exploit the vulnerability to rename media file names and extensions to execute arbitrary PHP...
Information disclosure
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the .php6, .php7 and .phtml extensions...
CVE-2017-5520
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the .php6, .php7 and .phtml extensions...
CVE-2017-5520
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the .php6, .php7 and .phtml extensions...