
1986 matches found

CVE
added 2017/04/14 4:00 p.m., 44 views

CVE-2015-6567

CVE-2015-6567 affects Wolf CMS prior to 0.8.3.1. The vulnerability arises in admin/plugin/file_manager/browse (the file manager) where the filename parameter is not properly validated, enabling an authenticated user with upload rights to upload arbitrary files and potentially execute PHP code on ...

CVSS 8.8, AI score 8.8, EPSS 0.05883
Exploits: 7, References: 7, Affected Software: 1

Cvelist
added 2017/04/14 4:00 p.m., 14 views

CVE-2015-6568

Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/filemanager/browse/ aka the filemanager does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a...

AI score 8.9, EPSS 0.11862
Exploits: 7, References: 7

OSV
added 2017/04/11 11:59 p.m., 2 views

CVE-2017-7694

Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor...

CVSS 8.8, AI score 9
Exploits: 0, References: 4

Cvelist
added 2017/04/07 4:33 a.m., 14 views

CVE-2017-7570

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension such as .jpg and then invoking the duplicate function to change to the .php extension...

AI score 8.9, EPSS 0.00829
Exploits: 1, References: 1

NVD
added 2017/03/30 7:59 a.m., 14 views

CVE-2017-7321

setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the configkey parameter to the setup/index.php?action=welcome URI...

CVSS 9.8, AI score 9.8, EPSS 0.02182
Exploits: 1, References: 2

Prion
added 2017/03/30 7:59 a.m., 13 views

Code injection

setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the corepath parameter...

CVSS 7.5, AI score 9.7, EPSS 0.02182
Exploits: 1, References: 2, Affected Software: 1

Check Point Advisories
added 2017/01/30 12:00 a.m., 4 views

WordPress CM Download Manager Code Injection (CVE-2014-8877)

Content Management Download Manager for WordPress is prone to remote PHP-code execution vulnerability because it fails to validate user input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server. This may aid in further attacks or lead to a full...

CVSS 10, AI score 4.4, EPSS 0.28914
Exploits: 6

Prion
added 2017/01/23 9:59 p.m., 24 views

Design/Logic Flaw

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data...

CVSS 7.5, AI score 8.2, EPSS 0.86897
Exploits: 10, References: 5, Affected Software: 1

Cvelist
added 2017/01/23 9:00 p.m., 15 views

CVE-2016-4010

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data...

AI score 9.9, EPSS 0.86897
Exploits: 10, References: 5

CVE
added 2017/01/23 9:00 p.m., 98 views

CVE-2016-4010

CVE-2016-4010 affects Magento CE/EE before 2.0.6 and enables unauthenticated remote code execution via crafted serialized shopping cart data, due to a PHP object injection in the checkout/cart flow. OpenVAS and exploit references describe Magento

CVSS 9.8, AI score 9.7, EPSS 0.86897
Exploits: 10, References: 5, Affected Software: 1

OSV
added 2017/01/18 5:59 p.m., 10 views

CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a validerxml action...

CVSS 8.8, AI score 8.6, EPSS 0.23155
Exploits: 7, References: 8

OSV
added 2017/01/18 5:59 p.m., 1 view

UBUNTU-CVE-2016-7998

The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a validerxml action...

CVSS 8.8, AI score 7.6, EPSS 0.23155
Exploits: 7, References: 3

OpenVAS
added 2016/12/30 12:00 a.m., 20 views

Piwigo < 2.8.5 RFI Vulnerability

Piwigo is prone to a remote file inclusion (RFI) vulnerability...

CVSS 7.2, AI score 7, EPSS 0.02052
Exploits: 0, References: 2

Check Point Advisories
added 2016/11/30 12:00 a.m., 1 view

NodCMS edit_lang_file PHP Code Execution

An arbitrary PHP code execution vulnerability exists in NodCMS. The vulnerability is due to insufficient validation of user-supplied input. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

AI score 5.1
Exploits: 0

Drupal
added 2016/11/30 12:00 a.m., 18 views

Elysia Cron - Critical - Arbitrary PHP code execution - SA-CONTRIB-2016-062

This module enables you to manage cron jobs. The module allows users with the permission "Administer elysia cron" to execute arbitrary PHP code via cron. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer elysia cron". This permission is...

AI score 7.9
Exploits: 0, References: 12

Packet Storm
added 2016/11/08 12:00 a.m., 34 views

NodCMS PHP Code Execution

!-- HTTP Request http://localhost/nodcms-master/admin/editlangfile/1/en POST /nodcms-master/admin/editlangfile/1/en HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; rv:49.0 Gecko/20100101 Firefox/49.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8...

Exploits: 0

exploitpack
added 2016/11/07 12:00 a.m., 31 views

NodCMS - PHP Code Execution

NodCMS - PHP Code Execution !-- HTTP Request http://localhost/nodcms-master/admin/editlangfile/1/en POST /nodcms-master/admin/editlangfile/1/en HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; rv:49.0 Gecko/20100101 Firefox/49.0 Accept:...

Exploits: 0

Exploit DB
added 2016/11/07 12:00 a.m., 53 views

NodCMS - PHP Code Execution

!-- HTTP Request http://localhost/nodcms-master/admin/editlangfile/1/en POST /nodcms-master/admin/editlangfile/1/en HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; rv:49.0 Gecko/20100101 Firefox/49.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8...

AI score 7.4
Exploits: 0

0day.today
added 2016/11/03 12:00 a.m., 245 views

SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution Exploit

Exploit for php platform in category web applications Hacked '; phpinfo; Code You Can Customize Exploit For Your Self . Exploit : -- Hacked '; phpinfo;? 0day.today 2018-03-31...

Exploits: 0

exploitpack
added 2016/11/03 12:00 a.m., 34 views

SweetRice 1.5.1 - Cross-Site Request Forgery PHP Code Execution

SweetRice 1.5.1 - Cross-Site Request Forgery PHP Code Execution Hacked '; phpinfo; Code You Can Customize Exploit For Your Self . Exploit : -- Hacked '; phpinfo;? /textarea...

AI score 0.6
Exploits: 0