150 matches found
elFinder < 2.1.58 - Remote Code Execution
studio-42/elfinder before 2.1.58 contains a remote code execution vulnerability caused by execution of PHP code in a .phar file, letting attackers execute arbitrary PHP code. The exploit requires the server to parse .phar files as PHP. id: CVE-2021-23394 info: name: elFinder...
CLSA-2026-1777946242 php: Fix of 13 CVEs
CVE-2018-14883: fix int overflow leading to heap overflow in exif_thumbnail_extract - CVE-2019-6977: fix imagecolormatch out-of-bounds write on heap in GD - CVE-2019-9022: fix memcpy with negative length via crafted DNS response - CVE-2019-9640: fix invalid read in exif_process_SOFn - CVE-2019-11042:...
CVE-2026-25524
OpenMage LTS (Magento LTS unofficial fork) before v20.17.0 is affected by a Phar deserialization flaw. PHP functions getimagesize(), file_exists(), and is_readable() can deserialize when given phar:// stream wrapper paths, used during image validation/media handling with controllable file paths. ...
CVE-2021-33352
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before, fixed in v.1.3.7, allows an attacker to execute arbitrary code via a phar file upload in the ticket message field...
CVE-2021-28998
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...
CVE-2019-16317
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different...
CVE-2023-53952 Dotclear 2.25.3 Authenticated Remote Code Execution via File Upload
Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...
CVE-2023-53924
UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution...
CVE-2023-53921
SitemagicCMS 4.4.3 contains a remote code execution vulnerability that allows attackers to upload malicious PHP files to the files/images directory. Attackers can upload a .phar file with system command execution payload to compromise the web application and execute arbitrary system commands...
CVE-2023-53889
Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary command...
Serendipity Code Issue Vulnerability
Serendipity is a PHP-based blogging system by the Serendipity team. The system supports the creation of online journals, blogs, web pages, and more. A code issue vulnerability exists in Serendipity version 2.4.0, which stems from an authenticated attacker being able to upload malicious PHP files...
CVE-2023-53885
Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded fil...
CVE-2023-53889 Perch CMS 3.2 Remote Code Execution via Unrestricted File Upload
Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary command...
CVE-2023-53885 Webutler v3.2 Remote Code Execution via Arbitrary File Upload
Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded fil...
PT-2025-51307
Name of the Vulnerable Software and Affected Versions Perch CMS version 3.2 Description Perch CMS version 3.2 has a remote code execution issue. Authenticated administrators can upload arbitrary PHP files through the assets management interface. An attacker can upload a malicious .phar file...
PT-2025-51303
Name of the Vulnerable Software and Affected Versions Webutler version 3.2 Description Webutler version 3.2 has a flaw that permits authenticated administrators to upload PHP files capable of executing system commands. An attacker can upload a PHAR file containing embedded system commands through...
EUVD-2021-19460
Malware in sbrugna...
EUVD-2025-22535
Malicious code in bioql PyPI...
EUVD-2025-4263
Malicious code in bioql PyPI...