1986 matches found

Source: Prion
added 2019/07/06 11:15 p.m., 11 views

Design/Logic Flaw

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication...

CVSS 7.5 | AI score 9.8 | EPSS 0.92907
Exploits: 4 | References: 4 | Affected software: 1
Source: OSV
added 2019/07/01 6:15 p.m., 0 views

CVE-2019-12826

A Cross-Site-Request-Forgery CSRF vulnerability in widgetlogic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets that are attached to widgets and then eval'd to dynamically determine their visibility by crafting a maliciou...

CVSS 8.8 | AI score 7.5 | EPSS 0.00296
Exploits: 1 | References: 4
Source: Prion
added 2019/07/01 6:15 p.m., 10 views

Cross site request forgery (csrf)

A Cross-Site-Request-Forgery CSRF vulnerability in widgetlogic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets that are attached to widgets and then eval'd to dynamically determine their visibility by crafting a maliciou...

CVSS 6.8 | AI score 8.9 | EPSS 0.00296
Exploits: 1 | References: 4 | Affected software: 1
Source: CVE
added 2019/07/01 5:56 p.m., 93 views

CVE-2019-12826

CVE-2019-12826 affects the WordPress Widget Logic plugin (widget_logic.php) prior to version 5.10.2. The vulnerability is a CSRF that allows remote attackers to inject and execute PHP code by crafting a malicious POST request, leveraging snippets stored in widgets that are eval’d to determine vis...

CVSS 8.8 | AI score 8.9 | EPSS 0.00296
Exploits: 1 | References: 4 | Affected software: 1
Source: NVD
added 2019/06/07 5:29 p.m., 7 views

CVE-2018-19462

admin\db\DoSql.php in EmpireCMS through 7.5 allows remote attackers to execute arbitrary PHP code via SQL injection that uses a .php filename in a SELECT INTO OUTFILE statement to admin/admin.php...

CVSS 7.2 | AI score 7.7 | EPSS 0.00244
Exploits: 1 | References: 4
Source: Prion
added 2019/05/24 6:29 p.m., 15 views

Directory traversal

osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload...

CVSS 6.5 | AI score 8 | EPSS 0.00831
Exploits: 0 | References: 2 | Affected software: 1
Source: OSV
added 2019/05/24 6:29 p.m., 12 views

CVE-2016-10751

osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload...

CVSS 7.2 | AI score 7.7
Exploits: 0 | References: 2
Source: NVD
added 2019/05/24 6:29 p.m., 11 views

CVE-2016-10751

osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload...

CVSS 7.2 | AI score 7.4 | EPSS 0.00831
Exploits: 0 | References: 2
Source: UbuntuCve
added 2019/05/24 6:29 p.m., 15 views

CVE-2016-10752

serendipity_moveMediaDirectory in Serendipity 2.0.3 allows remote attackers to upload and execute arbitrary PHP code because it mishandles an extensionless filename during a rename, as demonstrated by "php" as a filename...

CVSS 9.8 | AI score 7.5 | EPSS 0.00748
Exploits: 0 | References: 3
Source: CVE
added 2019/05/24 5:40 p.m., 54 views

CVE-2016-10751

osClass 3.6.1 contains a Directory Traversal in oc-admin/plugins.php via the plugin parameter, enabling remote PHP code execution by uploading a PHP-containing image through index.php?page=ajax&action=ajax_upload. Exploitation details are described in multiple sources; the root cause is improper ...

CVSS 7.2 | AI score 7.3 | EPSS 0.00831
Exploits: 0 | References: 2 | Affected software: 1
Source: Prion
added 2019/04/22 4:29 p.m., 9 views

Cross site request forgery (csrf)

Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code...

CVSS 6.8 | AI score 8.8 | EPSS 0.00182
Exploits: 1 | References: 1 | Affected software: 1
Source: Cvelist
added 2019/04/22 3:33 p.m., 11 views

CVE-2019-11456

Gila CMS 1.10.1 allows fm/save CSRF for executing arbitrary PHP code...

AI score 8.9 | EPSS 0.00182
Exploits: 1 | References: 1
Source: NVD
added 2019/04/20 3:29 p.m., 8 views

CVE-2019-11376

SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a ?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own...

CVSS 7.2 | AI score 7.4 | EPSS 0.00955
Exploits: 1 | References: 2
Source: CNVD
added 2019/03/15 12:00 a.m., 2 views

Maccms Arbitrary PHP Code Execution Vulnerability

Maccms is a PHP-based content management system CMS for film and television. A code injection vulnerability exists in Maccms version 10. A remote attacker can exploit this vulnerability to inject and execute arbitrary PHP code...

CVSS 8.8 | AI score 8 | EPSS 0.00719
Exploits: 1 | References: 1
Source: Cvelist
added 2019/03/14 10:00 p.m., 12 views

CVE-2019-9825

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature...

AI score 9.9 | EPSS 0.00748
Exploits: 0 | References: 2
Source: NVD
added 2019/03/11 1:29 a.m., 12 views

CVE-2019-9651

An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions such as "eval" are blocked but others such as "system" are not, and...

CVSS 9.8 | AI score 9.7 | EPSS 0.01201
Exploits: 1 | References: 1
Source: CVE
added 2019/03/11 1:00 a.m., 38 views

CVE-2019-9651

CVE-2019-9651 pertains to SDCMS v1.7, where the check_bad() filtering in the file \app\admin\controller\themecontroller.php is insufficiently strict. This allows PHP code execution because dangerous functions (e.g., eval) are blocked while others (e.g., system) are not, and because blocking ".php...

CVSS 9.8 | AI score 9.6 | EPSS 0.01201
Exploits: 1 | References: 1 | Affected software: 1
Source: Cvelist
added 2019/03/11 1:00 a.m., 11 views

CVE-2019-9651

An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions such as "eval" are blocked but others such as "system" are not, and...

AI score 9.7 | EPSS 0.01201
Exploits: 1 | References: 1
Source: CNVD
added 2019/03/11 12:00 a.m., 5 views

Simple Machines Forum Code Injection Vulnerability

Simple Machines Forum SMF is an open source web forum system by the SMF team in the United States. A security vulnerability exists in SMF version 2.0.4. An attacker can exploit the vulnerability to inject PHP code with the help of the 'dictionary' parameter...

CVSS 8.1 | AI score 7.1 | EPSS 0.00487
Exploits: 1 | References: 1
Source: OSV
added 2019/03/06 12:29 a.m., 2 views

CVE-2019-9581

phpscheduleit Booked Scheduler 2.7.5 allows arbitrary file upload via the Favicon field, leading to execution of arbitrary Web/custom-favicon.php PHP code, because Presenters/Admin/ManageThemePresenter.php does not ensure an image file extension...

CVSS 8.8 | AI score 7.5 | EPSS 0.14328
Exploits: 4 | References: 4