1984 matches found

WPVulnDB
added 2022/11/29 12:00 a.m. · 20 views

Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

The plugin doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. PoC 1. As an admin, go to "Appearance - Menus" and create a menu with some items of your choice...

CVSS 7.2 · AI score 3.7 · EPSS 0.00978
Exploits 2 · Affected Software 1
wpexploit
added 2022/11/29 12:00 a.m. · 117 views

Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution

The plugin doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. 1. As an admin, go to "Appearance - Menus" and create a menu with some items of your choice. 2. ...

CVSS 7.2 · AI score 1.3 · EPSS 0.00978
Exploits 2
NVD
added 2022/11/23 7:15 p.m. · 15 views

CVE-2021-43258

CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access to the ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores...

CVSS 8.8 · EPSS 0.78389
Exploits 5 · References 3
Prion
added 2022/10/18 2:15 p.m. · 8 views

Privilege escalation

An arbitrary file upload vulnerability in the component /phpaction/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 5.8 · AI score 7.3 · EPSS 0.00991
Exploits 1 · References 1 · Affected Software 1
NVD
added 2022/10/12 11:15 p.m. · 8 views

CVE-2022-39297

MelisCms provides a full CMS for Melis Platform, including a templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, which ultimately leads to the execution of arbitrary PHP code on the...

CVSS 9.8 · EPSS 0.00935
Exploits 0 · References 2
NVD
added 2022/10/12 11:15 p.m. · 10 views

CVE-2022-39298

MelisFront is the engine that displays websites hosted on Melis Platform. It deals with showing pages, plugins, URL rewriting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, which ultimately leads to the execution of...

CVSS 9.8 · EPSS 0.00935
Exploits 0 · References 2
CVE
added 2022/10/12 12:00 a.m. · 88 views

CVE-2022-39297

CVE-2022-39297 affects melisplatform/melis-cms prior to 5.0.1. The issue is a deserialization vulnerability that allows an attacker to deserialize untrusted data, ultimately executing arbitrary PHP code on the system without authentication. The root cause is improper handling of user-controlled d...

CVSS 9.8 · AI score 8.8 · EPSS 0.00935
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/10/12 12:00 a.m. · 8 views

CVE-2022-39297 Deserialization of untrusted data in MelisCms

MelisCms provides a full CMS for Melis Platform, including a templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, which ultimately leads to the execution of arbitrary PHP code on the...

CVSS 7.7 · AI score 9.3 · EPSS 0.00935
Exploits 0 · References 4
CVE
added 2022/10/12 12:00 a.m. · 104 views

CVE-2022-39298

MelisFront (melis-front) on Melis Platform contains a deserialization of untrusted data vulnerability that enables arbitrary PHP code execution. The issue affects vulnerable versions of melisplatform/melis-front and can be exploited without authentication. The root cause is deserializing user-contr...

CVSS 9.8 · AI score 8.8 · EPSS 0.00935
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2022/10/11 12:00 a.m. · 1 view

PT-2022-24879 · Melisplatform · Melis-Cms

Name of the Vulnerable Software and Affected Versions: melisplatform/melis-cms versions prior to 5.0.1. Description: The issue allows attackers to deserialize arbitrary data on affected versions of melisplatform/melis-cms, leading to the execution of arbitrary PHP code on the system. This attack...

CVSS 9.8 · AI score 9.4 · EPSS 0.00935
Exploits 0 · References 10
Prion
added 2022/09/22 10:15 p.m. · 10 views

Design/Logic Flaw

Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 7.5 · AI score 9.7 · EPSS 0.01042
Exploits 1 · References 3 · Affected Software 1
OSV
added 2022/09/07 12:01 a.m. · 17 views

GHSA-JJ62-MC3M-J769 FeehiCMS has an arbitrary file upload vulnerability

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8.1 in the head image upload that allows attackers to execute relevant PHP code...

CVSS 9.8 · AI score 9.7 · EPSS 0.00433
Exploits 1 · References 5
OSV
added 2022/09/06 7:15 p.m. · 9 views

CVE-2020-21516

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 in the head image upload that allows attackers to execute relevant PHP code...

CVSS 9.8 · AI score 9.7
Exploits 0 · References 1
Prion
added 2022/09/06 7:15 p.m. · 9 views

Design/Logic Flaw

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 in the head image upload that allows attackers to execute relevant PHP code...

CVSS 7.5 · AI score 9.6 · EPSS 0.00433
Exploits 1 · References 1 · Affected Software 1
CVE
added 2022/09/06 6:08 p.m. · 52 views

CVE-2020-21516

FeehiCMS 2.0.8 contains an arbitrary file upload vulnerability in the head image/avatar upload pathway, enabling attackers to execute PHP code on the server. The issue is documented across multiple sources (including Red Hat, Veracode, GHSA, OSV, and NVD) with CVSS v3.1 base score 9.8 (CRITICAL, ...

CVSS 9.8 · AI score 9.6 · EPSS 0.00433
Exploits 1 · References 1 · Affected Software 1
Cvelist
added 2022/09/06 6:08 p.m. · 9 views

CVE-2020-21516

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 in the head image upload that allows attackers to execute relevant PHP code...

AI score 9.7 · EPSS 0.00433
Exploits 1 · References 1
Vulnrichment
added 2022/09/06 5:18 p.m. · 6 views

CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including, 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...

CVSS 7.5 · AI score 8.6 · EPSS 0.03588
Exploits 0 · References 4
ATTACKERKB
added 2022/08/16 8:15 a.m. · 0 views

CVE-2022-35239

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...

CVSS 8.8 · AI score 5.9 · EPSS 0.00816
Exploits 0 · References 4 · Affected Software 1
NVD
added 2022/08/16 8:15 a.m. · 7 views

CVE-2022-35239

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...

CVSS 8.8 · EPSS 0.00816
Exploits 0 · References 3
Positive Technologies
added 2022/08/16 12:00 a.m. · 2 views

PT-2022-22647 · Unknown · Solarview Compact Sv-Cpt-Mc310

Name of the Vulnerable Software and Affected Versions: SolarView Compact SV-CPT-MC310 versions 7.23 and earlier; SolarView Compact SV-CPT-MC310F versions 7.23 and earlier. Description: The image file management page contains an insufficient verification issue when uploading files. This can be...

CVSS 8.8 · AI score 8.7 · EPSS 0.00816
Exploits 0 · References 5