132 matches found
CVE-2024-9047 WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...
CVE-2024-9047 WordPress File Upload <= 4.24.11 - Unauthenticated Path Traversal to Arbitrary File Read and Deletion in wfu_file_downloader.php
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.11 via wfufiledownloader.php. This makes it possible for unauthenticated attackers to read or delete files outside of the originally intended directory. Successful exploitatio...
CVE-2024-9047
CVE-2024-9047 affects the WordPress WordPress File Upload plugin up to version 4.24.11. The vulnerability is a path traversal in wfu_file_downloader.php that allows unauthenticated attackers to read or delete files outside the intended directory on WordPress sites running PHP 7.4 or earlier. Conn...
RHSA-2023:2903 Red Hat Security Advisory: php:7.4 security update
Bulletin has no description...
RHSA-2022:6541 Red Hat Security Advisory: php:7.4 security update
Bulletin has no description...
RHSA-2022:6542 Red Hat Security Advisory: php:7.4 security update
Bulletin has no description...
RHSA-2022:7628 Red Hat Security Advisory: php:7.4 security, bug fix, and enhancement update
Bulletin has no description...
RHSA-2022:1935 Red Hat Security Advisory: php:7.4 security update
Bulletin has no description...
RHSA-2022:6158 Red Hat Security Advisory: php:7.4 security update
Bulletin has no description...
RHSA-2022:5467 Red Hat Security Advisory: php:7.4 security update
Bulletin has no description...
RHSA-2022:5471 Red Hat Security Advisory: php:7.4 security update
Bulletin has no description...
CVE-2023-6971
The Backup Migration plugin for WordPress (versions 1.0.8–1.3.9) is affected by CVE-2023-6971 due to a Remote File Inclusion via the content-dir header, enabling unauthenticated code execution when PHP is configured with allow_url_include=-on. The issue is exploitable under specific PHP configura...
CVE-2023-6971
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of...
Backup Migration 1.0.8 - 1.3.9 - Remote File Inclusion via content-dir
Description The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful...
Design/Logic Flaw
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue...
CVE-2023-46726 GLPI Remote code execution from LDAP server configuration form on PHP 7.4
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue...
CVE-2023-46726
GLPI (free IT Asset Management) versions before 10.0.11 on PHP 7.4 are affected by CVE-2023-46726: LDAP server configuration form can be abused to execute arbitrary code uploaded as a GLPI document. Version 10.0.11 includes a patch. Remediation is to upgrade to a version containing the fix (per t...
CVE-2023-46726 GLPI Remote code execution from LDAP server configuration form on PHP 7.4
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, on PHP 7.4 only, the LDAP server configuration form can be used to execute arbitrary code previously uploaded as a GLPI document. Version 10.0.11 contains a patch for the issue...
GLPI -- multiple vulnerabilities
GLPI team reports: GLPI 10.0.11 Changelog SECURITY - moderate Authenticated SQL Injection CVE-2023-43813 SECURITY - high SQL injection through inventory agent request CVE-2023-46727 SECURITY - high Remote code execution from LDAP server configuration form on PHP 7.4 CVE-2023-46726...
Rocky Linux 8 : php:7.4 (RLSA-2022:6158)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:6158 advisory. - In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the...