Security Bulletin: IBM API Connect Developer Portal is affected by arbitrary PHP code execution vulnerability in Drupal (CVE-2019-6340)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: CVEID: CVE-2019-6340. DESCRIPTION: Drupal Core could allow a remote attacker to execute arbitrary PHP code on the system, caused by improper input validation in some field types. By sending a specially-crafted...
Code injection
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzztemplate.php file, the parserIfLabel function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring...
CVE-2019-9041
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzztemplate.php file, the parserIfLabel function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring...
Highly Critical Drupal CMS Flaw Affects Millions of Websites
The Drupal open-source content management system platform has issued an advisory for a highly critical remote-code execution (RCE) flaw in the Drupal core. The vulnerability (CVE-2019-6340) arises from the fact that “some field types do not properly sanitize data from non-form sources,” according to...
Another Critical Flaw in Drupal Discovered — Update Your Site ASAP!
Developers of Drupal—a popular open-source content management system software that powers millions of websites—have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site. The update came two days after the Drupal securi...
Drupal core - Highly critical - Remote Code Execution
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...
Drupal RCE Vulnerability (SA-CORE-2019-003) - Windows
Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
Drupal RCE Vulnerability (SA-CORE-2019-003) - Linux
Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
drupal -- Drupal core - Highly critical - Remote Code Execution
Drupal Security Team: Some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases...
CVE-2019-8908
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting - Mailbox configuration - Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header...
CVE-2019-8908
CVE-2019-8908 affects WTCMS 1.0. An arbitrary PHP code execution is possible by visiting Settings → Mailbox configuration → Registration email template and uploading an image file, demonstrated with a .php filename and the Content-Type: image/gif header. The issue is triggered through the image u...
CVE-2019-7718
MetInfo 6.x contains a race condition in the backend database backup function. The issue allows an attacker to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=
CVE-2018-20775
admin/?/plugin/filemanager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI...
CVE-2018-20773
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines...
Code injection
admin/?/plugin/filemanager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI...
Design/Logic Flaw
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines...