CVE-2020-25557

In CMSuno 1.6.2, an attacker can inject malicious PHP code as a “username” while changing his/her username & password. After that, when attacker logs in to the application, attacker’s code will be run. As a result of this vulnerability, authenticated user can run command on the server. Recent...

CVE-2020-26124

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because jsonencodesafe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...

Code injection

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because jsonencodesafe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating...

CVE-2020-12842

CVE-2020-12842 affects ismartgate PRO 1.5.9. Red Hat and CNVD entries describe a privilege-escalation in /cron/checkUserExpirationDate.php via appended PHP code. No exploitation details are provided in the connected documents. Impact is described as privilege escalation; remediation is not specif...

CVE-2020-6143

A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this...

CVE-2020-6143

A remote code execution vulnerability exists in the install functionality of OS4Ed openSIS 7.4. The password variable which is set at line 122 in install/Step5.php allows for injection of PHP code into the Data.php file that it writes. An attacker can send an HTTP request to trigger this...

CVE-2020-6143

CVE-2020-6143 affects OS4Ed openSIS 7.4 install functionality. The install/Step5.php writes Data.php using user-provided values, and the password field (line 122) can inject PHP code, enabling remote code execution via a crafted HTTP request. Exploitation results in arbitrary code execution on th...

D-Link Central WiFi Manager CWM(100) RCE

This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM100 versions below v1.03R0100BETA6. The vulnerability exists in the username cookie, which is passed to eval without being sanitized. Dangerous functions are not disabled by default, which makes it possible ...

D-Link Central WiFi Manager CWM(100) Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link Central WiFi Manager CWM100 RCE', 'Description' = %q This module exploits a PHP code injection vulnerability in D-Link Central WiFi Manage...

CVE-2020-7206

HP nagios plugin for iLO nagios-plugins-hpilo v1.50 and earlier has a php code injection vulnerability...

CVE-2020-7206

HP nagios plugin for iLO nagios-plugins-hpilo v1.50 and earlier has a php code injection vulnerability...

CVE-2020-7206

HP nagios plugin for iLO nagios-plugins-hpilo v1.50 and earlier has a php code injection vulnerability...

CVE-2020-7206

CVE-2020-7206 concerns a php code injection vulnerability in the HP nagios plugin for iLO (nagios-plugins-hpilo) affecting version 1.50 and earlier. Connected sources confirm the vulnerability exists in this plugin, but do not provide concrete exploit details, affected file paths, or exact root-c...

CVE-2020-5593

Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file...

CVE-2020-5593

Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file...

CVE-2020-5593

Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP code injection attacks by leading a user to upload a specially crafted .zip file...

CVE-2020-5593

Zenphoto shows a concrete code-injection vulnerability CVE-2020-5593 in versions prior to 1.5.7. An attacker can trigger arbitrary PHP code execution on the server by convincing a user to upload a specially crafted ZIP file; the issue stems from how the ZIP payload is processed. Affected product:...

PlaySMS index.php Unauthenticated Template Injection Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS index.php Unauthenticated Template Injection Code Execution', 'Description' = %q This module exploits a preauth Server-Side Template...

Codiad Web IDE Code Injection Vulnerability

Codiad Web IDE is Codiad project a set of Web-based IDE Integrated Development Environment. A code injection vulnerability exists in Codiad Web IDE 2.8.4 and earlier versions, which can be exploited by an attacker to inject PHP code...

CVE-2019-19208

Codiad Web IDE through 2.8.4 allows PHP Code injection...