13 matches found
Arbitrary Code Injection
Overview evolutioncms/evolution is an Evolution CMS is a Content Management System, ex MODX Evolution Affected versions of this package are vulnerable to Arbitrary Code Injection via the post parameter in the module creation process. An attacker can execute arbitrary system commands by injecting...
CVE-2021-47939
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...
CVE-2021-47939
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...
CVE-2021-47939 Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...
CVE-2021-47939 Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...
CVE-2021-47939
Evolution CMS 3.1.6 is affected by an authenticated remote code execution vulnerability. Attackers with module-creation permissions can inject PHP code into module parameters and trigger execution by sending POST requests to /manager/index.php with malicious code in the post parameter. This can l...
Evolution CMS 代码注入漏洞
Evolution CMS is an open-source content management system based on PHP, developed by Evolution CMS. Version 3.1.6 of Evolution CMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated users with module creation permissions to execu...
PT-2026-39514
Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...
FeehiCMS 安全漏洞
FeehiCMS is a PHP-based CMS website building system developed by Liufee’s individual developers. The FeehiCMS v2.1.1 version contains a security vulnerability. This vulnerability stems from a storage-type cross-site scripting issue with the Title parameter used for creating/editing modules, which...
CVE-2021-33679
The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence...
CVE-2021-33679
The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence...
CVE-2019-0334
When creating a module in SAP BusinessObjects Business Intelligence Platform BI Workspace, versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other...
[Mercury v2.2.0] The Android Assessment Framework
Mercury is a security assessment framework for the Android platform. It allows you to dynamically interact with the Inter-Process Communication IPC endpoints exported by an application installed on a device. Mercury provides similar functionality to a number of static analysis tools, such as aapt...