951 matches found
CVE-2019-19208
CVE-2019-19208 affects Codiad Web IDE up to version 2.8.4. The vulnerability is a PHP code injection vulnerability that, if exploited, can lead to arbitrary code execution on the server. The root cause is an injection point present before the initial configuration, enabling an attacker to run PHP...
CVE-2020-10389
admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings...
CVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution...
Design/Logic Flaw
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution...
CVE-2020-8518
CVE-2020-8518 is an RCE in Horde Groupware Webmail Edition 5.2.22 via CSV data import, caused by arbitrary PHP code injection in the Horde_Data component. The vulnerability allows authenticated users to execute code on the server hosting the web application. Affected versions include Horde Groupw...
CVE-2013-3214
vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'...
CVE-2013-2267
FUDforum 3.0.4 and earlier are affected by a PHP code injection in /adm/admreplace.php due to insufficient validation of POST parameters regex_str, regex_str_opt and regex_with, allowing remote attackers to inject and execute arbitrary PHP code on the server with web server privileges (CWE-94). T...
CVE-2012-2931
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file...
SugarCRM PHP code injection vulnerability (CNVD-2019-34428)
SugarCRM is open source customer relationship management software. A PHP code injection vulnerability exists in the EmailMan module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to execute arbitrary code...
SugarCRM PHP code injection vulnerability (CNVD-2019-34421)
SugarCRM is open source customer relationship management software. A PHP code injection vulnerability exists in the MergeRecords module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to execute arbitrary code...
SugarCRM Configurator Module Directory Traversal Vulnerability
SugarCRM is open source customer relationship management software. A directory traversal vulnerability exists in the Configurator module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to inject custom PHP code...
CVE-2019-17308
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user...
CVE-2019-17301
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user...
CVE-2019-17303
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user...
CVE-2019-17306
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user...