CVE-2026-48907

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

CVE-2026-48907 Joomla Extension - joomlacontenteditor.net - Remote Code Execution in JCE extension for Joomla < 2.9.99.5

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution...

CVE-2018-25409

SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by submitting PHP code through the fupload parameter. Attackers can upload PHP files via the aksipengurus.php endpoint with module=pengurus and act=update parameters, which...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload when the application accepts or prefers a client-supplied MIME type. An attacker can upload files containing executable PHP code by submitting files with a benign MIME type, potentially leading to code execution if...

EUVD-2017-3366

Malware in sbrugna...

EUVD-2019-18296

Malware in sbrugna...

EUVD-2007-1998

Malware in sbrugna...

EUVD-2007-6607

Malware in sbrugna...

EUVD-2006-5100

Malware in sbrugna...

EUVD-2019-7620

Malware in sbrugna...

EUVD-2017-8073

Malware in sbrugna...

EUVD-2007-0263

Malware in sbrugna...

EUVD-2021-11874

Malware in sbrugna...

EUVD-2008-6415

Malware in sbrugna...

EUVD-2022-2496

Malicious code in bioql PyPI...

CVE-2019-9825

FeiFeiCMS 4.1.190209 allows remote attackers to upload and execute arbitrary PHP code by visiting index.php?s=Admin-Index to modify the set of allowable file extensions, as demonstrated by adding php to the default jpg,gif,png,jpeg setting, and then using the "add article" feature...

CVE-2018-11736

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file...

VulnCheck KEV: CVE-2024-4620

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...

ArForms < 6.6 - Unauthenticated RCE

Description The plugin allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form PoC 1. Create a form with an upload input 2. As an unauthenticated user, upload an image file and intercept the request. 3...

PT-2020-6318

Name of the Vulnerable Software and Affected Versions wp-file-manager plugin versions prior to 6.9 Description The issue allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This allows attackers ...