1986 matches found

NVD
added 2018/09/07 2:29 p.m. | 12 views

CVE-2018-0658

Input validation issue in EC-CUBE Payment Module 2.12 version 3.5.23 and earlier, EC-CUBE Payment Module 2.11 version 2.3.17 and earlier, GMO-PG Payment Module PG Multi-Payment Service 2.12 version 3.5.23 and earlier, GMO-PG Payment Module PG Multi-Payment Service 2.11 version 2.3.17 and earlier...

7.2 CVSS | 7.3 AI score | 0.00668 EPSS
Exploits: 0 | References: 1

CVE
added 2018/09/07 2:0 p.m. | 44 views

CVE-2018-0645

MTAppjQuery (Movable Type plugin) v1.8.1 and earlier is vulnerable to remote PHP code execution due to inclusion of Uploadify (unrestricted file upload, CWE-434). Exploitation could allow a remote attacker to execute arbitrary PHP code on the server. Affected: MTAppjQuery 1.8.1 and earlier. Root ...

9.8 CVSS | 9.7 AI score | 0.01206 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2018/09/07 2:0 p.m. | 10 views

CVE-2018-0645

MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors...

9.8 AI score | 0.01206 EPSS
Exploits: 0 | References: 3

CVE
added 2018/09/06 4:0 p.m. | 44 views

CVE-2018-16604

Nibbleblog v4.0.5 is affected. The issue allows an attacker with admin credentials to execute arbitrary PHP code by exploiting the username field, which is surrounded by double quotes (e.g., "${phpinfo()}"). Root cause is improper handling of the admin username leading to code execution. Impact i...

7.2 CVSS | 7.3 AI score | 0.0048 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

CNVD
added 2018/09/04 12:0 a.m. | 1 views

idreamsoft iCMS Path Traversal Vulnerability

idreamsoft iCMS is an open source content management system (CMS) based on PHP and MySQL. A path traversal vulnerability exists in admincp.php?app=config in idreamsoft iCMS version 7.0.11, which can be exploited by remote attackers to execute arbitrary PHP code in a ZIP file...

7.2 CVSS | 7.4 AI score | 0.00802 EPSS
Exploits: 0 | References: 1

NVD
added 2018/09/01 6:29 p.m. | 5 views

CVE-2018-16320

idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file...

7.2 CVSS | 7.2 AI score | 0.00802 EPSS
Exploits: 0 | References: 1

CNVD
added 2018/08/17 12:0 a.m. | 1 views

DamiCMS has an arbitrary file write vulnerability

DamiCMS is a content management system (CMS) for building websites quickly. DamiCMS v6.0.0 has an arbitrary file write vulnerability: the template editing page fails to strictly check the file name suffix, so an attacker can exploit the vulnerability to write...

7.5 AI score
Exploits: 0

Prion
added 2018/08/13 6:29 p.m. | 19 views

Unrestricted file upload

Unrestricted file upload in interface/super/managesitefiles.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory...

6.5 CVSS | 8.7 AI score | 0.78022 EPSS
Exploits: 7 | References: 5 | Affected Software: 1

CVE
added 2018/08/13 6:0 p.m. | 73 views

CVE-2018-15142

OpenEMR prior to 5.0.1.4 has a directory-traversal vulnerability in portal/import_template.php that allows an authenticated patient-portal user to write a PHP file via docid/content and access it in the traversed directory, resulting in arbitrary PHP code execution. Affected versions are older th...

8.8 CVSS | 8.7 AI score | 0.01201 EPSS
Exploits: 6 | References: 3 | Affected Software: 1

CNVD
added 2018/08/02 12:0 a.m. | 1 views

SeedDMS Arbitrary File Upload Vulnerability

SeedDMS (formerly known as LetoDMS and MyDMS) is an open source document management system based on PHP and MySQL, jointly developed by SeedDMS enthusiasts. The system is mainly used to store and share documents. An arbitrary file upload vulnerability exists in the 'op/op.UploadChunks.php' file in...

8.8 CVSS | 7.4 AI score | 0.01798 EPSS
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2018/07/18 12:0 a.m. | 516 views

JVN#62423700: Movable Type plugin MTAppjQuery vulnerable to PHP code execution

MTAppjQuery, provided by bit part LLC, is a plugin for Movable Type. An older version of the PHP library Uploadify is incorporated in MTAppjQuery v1.8.1 and earlier versions, and the older versions of Uploadify contain an unrestricted upload of arbitrary files vulnerability (CWE-434), which may lead to arbitrary PHP code...

9.8 CVSS | 9.8 AI score | 0.01206 EPSS
Exploits: 0

Prion
added 2018/07/13 8:29 p.m. | 14 views

Cross site scripting

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which m...

4.3 CVSS | 6.8 AI score | 0.0021 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2018/07/02 12:0 a.m. | 1 views

OneFileCMS Arbitrary PHP Code Execution Vulnerability

OneFileCMS is a lightweight CMS system. The system runs on PHP and JavaScript and includes features such as document editing, file uploading and file management. A security vulnerability exists in the onefilecms.php file in OneFileCMS version 2012-04-14 and earlier. The vulnerability can be...

8.8 CVSS | 9 AI score | 0.0045 EPSS
Exploits: 1 | References: 1

Prion
added 2018/06/29 5:29 p.m. | 11 views

Privilege escalation

An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...

9 CVSS | 7.3 AI score | 0.01366 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2018/06/29 5:29 p.m. | 8 views

CVE-2018-13021

An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...

9 CVSS | 7.3 AI score | 0.01366 EPSS
Exploits: 1 | References: 1

CVE
added 2018/06/29 5:0 p.m. | 36 views

CVE-2018-13021

HongCMS 3.0.0 is affected by CVE-2018-13021 due to an Arbitrary Script File Upload vulnerability exploited via admin/index.php/template/upload, enabling PHP code execution. Multiple connected sources (e.g., CNVD-2018-16275, NVD entry) confirm the vulnerability and impact. The root cause is an ins...

9 CVSS | 7.3 AI score | 0.01366 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2018/06/29 12:29 p.m. | 6 views

CVE-2018-12995

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen...

8.8 CVSS | 8.9 AI score | 0.0045 EPSS
Exploits: 1 | References: 1

NVD
added 2018/06/29 12:29 p.m. | 5 views

CVE-2018-12994

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen...

8.8 CVSS | 8.9 AI score | 0.0045 EPSS
Exploits: 1 | References: 1

OSV
added 2018/06/29 12:29 p.m. | 2 views

CVE-2018-12994

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen...

8.8 CVSS | 6 AI score | 0.0045 EPSS
Exploits: 1 | References: 1

Drupal
added 2018/06/13 12:0 a.m. | 16 views

Custom Tokens - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-041

The Custom Tokens module enables you to create custom tokens for specific replacements that can improve other modules relying on the token API. The module doesn't sufficiently identify that its custom permissions are risky and should only be granted to highly trusted roles. This vulnerability is...

6.4 AI score
Exploits: 0 | References: 9