1986 matches found
CVE-2020-5558
CVE-2020-5558 affects CuteNews 2.0.1 (CutePHP CuteNews). A remote authenticated attacker can execute arbitrary PHP code due to a PHP code execution vulnerability (CWE-94). Impact described by NVD: high severity (CVSS v3.1 base score 8.8), network attack vector, low attack complexity, privileges r...
mailform vulnerable to PHP code execution
Overview: mailform provided by keitai-site.net is a PHP script providing a mail form function to a website. mailform contains a PHP code execution vulnerability (CWE-94) on the server where the product is running. During the meeting of Committee for authorizing the disclosure of unresolved...
JVN#58176087: Cute News vulnerable to PHP code execution
Cute News provided by CutePHP.com is a system to manage news. Cute News contains a PHP code execution vulnerability (CWE-94). Impact: A user who can log in to CuteNews may execute arbitrary PHP code. Solution: Consider stopping use of Cute News 2.1.2. Since the developer was unreachable, existence of any...
JVN#77634892: mailform vulnerable to PHP code execution
mailform provided by keitai-site.net is a PHP script providing a mail form function to a website. mailform contains a PHP code execution vulnerability (CWE-94) on the server where the product is running. Impact: Arbitrary PHP code may be executed on the server where the product is running. Solution...
Unrestricted file upload
Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create or use an existing directory that is externally accessible to store PHP files. The filename and the exac...
Horde 5.2.22 CSV Import Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Horde CSV import arbitrary PHP code execution', 'Description' = %q The HordeData module version 2.1.4 and before present in Horde Groupware versi...
Unraid 6.8.0 Auth Bypass PHP Code Execution
This module exploits two vulnerabilities affecting Unraid 6.8.0. An authentication bypass is used to gain access to the administrative interface, and an insecure use of the extract PHP function can be abused for arbitrary code execution as root. This module requires Metasploit:...
PT-2024-5186
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27. Description: Cacti provides an operational monitoring and fault management framework. An arbitrary file write vulnerability, exploitable through the "Package Import" feature, allows authenticated users having th...
CVE-2020-10567
An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the save_img action in the name parameter, there is no validation of what kind of extension is sent. This makes it possible to execute PHP code if a legitimate JPEG image contains this code in the EXIF...
CVE-2020-10567
CVE-2020-10567 affects Responsive Filemanager up to version 9.14.0. The vulnerability is in ajax_calls.php, case 'save_img', where the name parameter’s extension is not validated. An attacker (often authenticated in affected apps like ZwiiCMS) can craft a JPEG with malicious EXIF data and a .php ...
CVE-2011-4906
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution...
Unrestricted file upload
Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code execution...
CVE-2013-2010
WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability...
CVE-2013-4225
The RESTful Web Services (RESTWS) module for Drupal is vulnerable in versions 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 due to insufficient restriction of access to entity write operations. This allows remote authenticated users with permissions such as "access resource node" and "create ...
CVE-2014-5091
Status2K 2.5 Server Monitoring Software is affected by CVE-2014-5091 via the multies parameter to includes/functions.php, which could allow an attacker to execute arbitrary PHP code. Affected component: the server monitoring software’s PHP code path, specifically includes/functions.php, with the ...
Remote code execution
vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability...
CVE-2013-3629
CVE-2013-3629 affects ISPConfig 3.0.5.2. The Red Hat/NVD/CVE records and related sources describe an Arbitrary PHP Code Execution vulnerability. The root cause is a flaw in ISPConfig’s content/language handling that allows an authenticated user to cause arbitrary PHP code execution on the server ...