950 matches found
CVE-2024-44724
AutoCMS v5.4 is affected by a PHP code injection vulnerability exposed via the txtsite_url parameter in /admin/site_add.php. Exploitation allows executing arbitrary PHP code, as described across multiple sources (e.g., Red Hat and CNNVD entries). The issue is tied to an input parameter in the API...
CMSsite 1.0 Shell Upload
============================================================================================================================================= | Title : CMSsite 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits ...
Alphaware E-Commerce System 1.0 Code Injection
============================================================================================================================================= | Title : Alphaware E-CommerceSystem 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...
CVE-2024-7094
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which...
CVE-2024-7094 JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which...
CVE-2024-7094
The CVE-2024-7094 issue affects the WordPress plugin JS Help Desk (JS Help Desk – The Ultimate Help Desk & Support Plugin). It enables PHP code injection leading to remote code execution due to unsanitized user input in storeTheme and missing capability checks, allowing unauthenticated code execu...
CVE-2024-7094 JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.6 - Unauthenticated PHP Code Injection to Remote Code Execution
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which...
Arbitrary File Creation in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename including...
GHSA-7Q3H-J95Q-3VJH Arbitrary File Creation in opencart
This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename including...
CVE-2024-21519
OpenCart opencart/opencart (v4.0.0.0) is affected by an Arbitrary File Creation vulnerability exposed via the database restoration functionality. The root cause is PHP code injection into the database, allowing an attacker with admin privileges to create a backup file with an arbitrary filename (...
Exploit for OS Command Injection in Dolibarr Dolibarr_Erp\/Crm
CVE-2023-30253 CVE-2023-30253 PoC Description This is my Po...
CVE-2024-3562
The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval function. This makes it possible for authenticated...
CVE-2024-3562
The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval function. This makes it possible for authenticated...
CVE-2024-3562
CVE-2024-3562 : The WordPress plugin Custom Field Suite is vulnerable to PHP Code Injection via the Loop custom field. The issue stems from insufficient sanitization before using input in eval(), allowing authenticated attackers with contributor-level access or higher to execute arbitrary PHP on ...
CVE-2024-3562 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) PHP Code Injection via Loop Custom Field
The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval function. This makes it possible for authenticated...
CVE-2024-3562 Custom Field Suite <= 2.6.7 - Authenticated (Contributor+) PHP Code Injection via Loop Custom Field
The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval function. This makes it possible for authenticated...
CVE-2024-36679
In the module "Module Live Chat Pro All in One Messaging" livechatpro =8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations suffer of a white writer that can inject PHP code into a PHP file...
CVE-2024-36679
In the module "Module Live Chat Pro All in One Messaging" livechatpro =8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations suffer of a white writer that can inject PHP code into a PHP file...
CVE-2024-36679
CVE-2024-36679 affects Module Live Chat Pro (All in One Messaging) for PrestaShop, versions
PrestaShop livechatpro Security Breach
PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution offers multiple payment methods, short message alerts, and product image zoom. A security vulnerability exists in PrestaShop livechatpro version 8.4.0 and earlier, which stems from the presence of...