CVE-2018-20775
The CVE-2018-20775 entry concerns Frog CMS 0.9.5 where the admin/?/plugin/file_manager exposes a flaw that allows an attacker to create a new .php file containing PHP code and access it via the public/ URI, enabling PHP code execution. This aligns with the NVD description of a file-manager vulner...
CVE-2018-20775
admin/?/plugin/filemanager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI...
CVE-2018-20773
CVE-2018-20773 affects Frog CMS 0.9.5, where an attacker can achieve PHP code execution by visiting admin/?/page/edit/1 and injecting additional
CVE-2018-20773
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines...
CVE-2018-20772
Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI...
CVE-2018-20772
CVE-2018-20772 affects Frog CMS 0.9.5. The vulnerability allows PHP code execution via the PHP opening tag in the request to the URI admin/?/layout/edit/1, indicating a code-injection path in that administration handler. The root cause is improper handling of PHP code within that endpoint, enabli...
CVE-2018-20768
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...
Design/Logic Flaw
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...
CVE-2019-7580
ThinkCMF 5.0.190111 is vulnerable to remote code execution via the portal/admin_category/addpost.html alias parameter, caused by mishandling of a single quote that allows data/conf/route.php injection. Red Hat and other records confirm CVE-2019-7580, but the provided documents do not specify a pa...
CVE-2019-6339 PHAR stream wrapper Arbitrary PHP code execution
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9; A remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing fi...
CVE-2019-6244
Vulnerability summary (CVE-2019-6244): In UsualToolCMS 8.0, a nonce CSRF protection flaw in the endpoint cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can trigger SQL statements and, consequently, write arbitrary PHP code to a .php file. This is documented across multiple sources (NVD entr...
CVE-2019-6127
An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename...
SQL injection
An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename...
CVE-2019-6127
CVE-2019-6127 affects XiaoCms 20141229. The vulnerability is a SQL injection in the admin/index.php?c=database table[] path, enabling an attacker to perform PHP code execution via INTO OUTFILE with a .php filename. The references confirm the same description across multiple sources, indicating a ...
Vtiger CRM File Upload PHP Code Execution Vulnerability
Vtiger CRM is a customer relationship management software that helps businesses become organized, increase sales, improve marketing ROI and provide an enjoyable customer service experience. A file upload PHP code execution vulnerability exists in Vtiger CRM version 7.1.0 prior to Hotfix2. The...
CVE-2019-5009
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "" tags, as demonstrated by a CompanyDetailsSave action...