8 matches found
CVE-2020-37137
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
CVE-2020-37137
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
CVE-2020-37137
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
CVE-2020-37137 PHP-Fusion 9.03.50 - 'panels.php' Eval Injection
PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...
CVE-2020-37137
CVE-2020-37137 affects PHP-Fusion 9.03.50. The remote code execution vulnerability resides in the add_panel_form() path where eval() processes unsanitized POST data (panel_content) sent to panels.php, enabling arbitrary code execution. Exploitation details and PoCs are referenced in the connected...
PT-2026-6580
Name of the Vulnerable Software and Affected Versions PHP-Fusion version 9.03.50 Description The software contains a remote code execution issue in the add panel form function. This allows attackers to execute arbitrary code through the use of an eval function with unsanitized data received via...
WP-Reply Notify <= 1.1 - Settings Update via CSRF
Description The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Make an admin open an HTML page containing the following: document.forms0.submit;...
Doorgets CSRF Vulnerability
With this vulnerability you can change the configuration of the site. Title Slogan Description Copyright Year of creation Keywords ID Facebook Disqus doorgets-home doorgets-light 0day.today 2018-04-03...