
8 matches found

Veracode
added yesterday, 4 views

OS Command Injection

pheditor/pheditor is vulnerable to OS Command Injection. The vulnerability is due to improper sanitization of the user-controlled dir parameter, which allows an attacker to inject shell metacharacters and execute arbitrary operating system commands, bypassing command whitelist restrictions...

5.8 AI score
Exploits: 1, References: 2, Affected Software: 1
OSV
added 3 days ago, 2 views

GHSA-JVC5-6G7Q-C843 Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' parameter

Summary An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell metacharacters into the 'dir' POST parameter, completely bypassing the TERMINALCOMMANDS whitelist and achieving full Remote Code Execution...

9.9 CVSS, 6.3 AI score
Exploits: 1, References: 3
GithubExploit
added 2026/05/28 9:28 a.m., 62 views

Exploit for CVE-2026-48030

CVE-2026-48030 — OS Command Injection in Pheditor Overview...

6.1 AI score
Exploits: 1
Huntr
added 2021/12/26 2:54 a.m., 11 views

Cross-Site Request Forgery (CSRF) in pheditor/pheditor

Description: Hi there, there is a minor CSRF problem in your logout function; this will force the user to log out without their consent.
Proof of Concept:
1. Install phpeditor on your system
2. Login as admin
3. Go to this link /pheditor/pheditor.php?logout=1
4. See that you are logged out of...

0.2 AI score
Exploits: 0
Huntr
added 2021/10/07 1:41 p.m., 8 views

Session Fixation in pheditor/pheditor

Description: Session Fixation vulnerability found in pheditor, in which it doesn't expire the sessions after password update.
Proof of Concept (PoC):
1. Open normal tab and one private tab
2. Open the pheditor on both of them and log in as a user
3. From private tab change the user password and log...

Exploits: 0, References: 1
Huntr
added 2021/10/02 3:25 a.m., 4 views

in pheditor/pheditor

Description: This issue allows an attacker to influence calls to the 'unlink' function and delete arbitrary files. https://github.com/pheditor/pheditor is vulnerable to DoS via arbitrary file deletion.
Proof of concept:
Vuln variable: $_POST['path']
Snippet: case 'delete': if (isset($_POST['path']) &&...

1.1 AI score
Exploits: 0, References: 1
Huntr
added 2021/10/02 3:16 a.m., 17 views

in pheditor/pheditor

Description: With your new fix in https://github.com/pheditor/pheditor/commit/69a79e3ba7f4a9f844cf5919c14a953e4a0d1867, it is basically impossible to change the password now, because you forgot to add in the CSRF token in the reset password functionality; hence the password cannot be changed from...

1.4 AI score
Exploits: 0
Huntr
added 2021/09/14 7:02 a.m., 31 views

Cross-site Scripting (XSS) - Reflected in pheditor/pheditor

Description: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into websites. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execut...

5.3 AI score
Exploits: 0, References: 2