30 matches found
CVE-2026-10172 Bdtask Multi-Store Inventory Management System Component Module.php upload unrestricted upload
A security flaw has been discovered in Bdtask Multi-Store Inventory Management System 1.0. The affected element is the function Upload of the file application/modules/dashboard/controllers/Module.php of the component Component Module. The manipulation of the argument module results in unrestricte...
CVE-2026-10172
The CVE-2026-10172 entry concerns Bdtask Multi-Store Inventory Management System 1.0. The vulnerability lies in the Upload function of the file application/modules/dashboard/controllers/Module.php within the Module component, where manipulating the module argument yields unrestricted file upload....
PT-2026-42495
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in delete module.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters module choice, flag, confirmation directly into...
CVE-2024-42618
Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /module.php?module=karma...
CVE-2024-42618
CVE-2024-42618 affects Pligg CMS (also referred to as Kliqqi CMS) v2.0.2. The vulnerability is a Cross-Site Request Forgery (CSRF) that can be triggered via the endpoint /module.php?module=karma, allowing an attacker to forge a request on behalf of a logged-in user. No explicit exploit details ar...
PT-2024-13351 · Vtiger · Vtiger Crm
Name of the Vulnerable Software and Affected Versions: Vtiger CRM version 7.5.0 Description: The issue allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file, which is executed on every page load...
CVE-2023-46304
Vtiger CRM 7.5.0 contains a vulnerability in modules/Users/models/Module.php where an unprotected endpoint allows a remote authenticated attacker to write arbitrary PHP code to config.inc.php, which is then executed on every page load. The issue enables remote code execution by leveraging this pa...
Cross site request forgery (csrf)
Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself...
CVE-2016-10756
Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/upload_main.php can be used for the upload itself...
CVE-2016-10756
CVE-2016-10756 affects Kliqqi 3.0.0.5. A CSRF flaw enables configuring the upload of PHP files via module.php?module=upload and then using modules/upload/upload_main.php to perform the upload, resulting in Arbitrary File Upload. The Red Hat advisory and CNVD/CVE records corroborate a CSRF path le...
VisualShapers EZContents 1.4/2.0 Module.PHP Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9396/info A problem in handling of specific types of input passed to the module.php script in VisualShapers ezContents has been discovered. Because of this, an attacker may be able to gain unauthorized access to vulnerabl...
CVE-2012-2937
Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/adminindex.php, (2) display parameter in a minimize action to admin/adminindex.php, (3) enabled parameter to admin/adminusers.ph...
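Pligg CMS 1.2.1 SQL Injection Vulnerability
Bugtraq ID: 53625 Pligg CMS is a content management system. The admin/adminindex.php, admin/adminusers.php, and module.php scripts included in Pligg CMS do not properly filter user-submitted input; remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain database information or take control of the application. 0 Pligg CMS 1.2.1 Vendor solution: Pligg CMS 1.2.2 has fixed this vulnerability; users are advised to download and use it: http://forums.pligg.com/downloads.php?do=file&id=15...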
PhpGedView module.php pgvaction Parameter Traversal Local File Inclusion
The web server hosts PhpGedView, a web-based real estate listing management application written in PHP. The version of PhpGedView installed on the remote host fails to sanitize user input to the 'pgvaction' parameter of the 'module.php' script before using it to include PHP code. Regardless of...
CVE-2010-4634
osTicket 1.6 is affected by a directory traversal vulnerability. The issue allows remote attackers to read arbitrary files by supplying .. sequences in the file parameter to module.php, a vulnerability described across CVE-2010-4634. The description notes this is a separate vector from CVE-2005-1...
PT-2010-5598 · Osticket · Osticket
Name of the Vulnerable Software and Affected Versions: osTicket version 1.6 Description: A directory traversal issue allows remote attackers to read arbitrary files by using a .. (dot dot) in the file parameter to "module.php". This issue has been disputed by a reliable third party. Recommendations...
Cross site scripting
Cross-site scripting (XSS) vulnerability in module.php in PHPFABER CMS, possibly 1.3.36, allows remote attackers to inject arbitrary web script or HTML via the mod parameter...
CVE-2009-4382
CVE-2009-4382 affects phpFaber CMS, likely in module.php, where user-supplied mod parameter enables cross-site scripting (XSS). Public records indicate PHPFaber CMS 1.3.36 is vulnerable; root cause is insufficient sanitization of input, allowing arbitrary script/HTML injection. The vulnerability ...
Directory traversal
module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace function...
CVE-2008-7055
module.php in ezContents 2.0.3 allows remote attackers to bypass the directory traversal protection mechanism to include and execute arbitrary local files via "....//" (doubled dot dot slash) sequences in the link parameter, which is not properly filtered using the str_replace function...