Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

950 matches found

OSV
OSVadded 2023/11/01 8:15 a.m.2 views

UBUNTU-CVE-2023-4197

Improper input validation in Dolibarr ERP CRM = v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code...

8.8CVSS7.4AI score0.53316EPSS
Exploits0References4
UbuntuCve
UbuntuCveadded 2023/11/01 12:0 a.m.9 views

CVE-2023-4197

Improper input validation in Dolibarr ERP CRM = v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code...

8.8CVSS7.3AI score0.53316EPSS
Exploits0References3
OSV
OSVadded 2023/10/27 4:15 a.m.0 views

CVE-2023-46818

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled...

7.2CVSS5.8AI score
Exploits0References3
NVD
NVDadded 2023/10/27 4:15 a.m.12 views

CVE-2023-46818

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled...

7.2CVSS7.3AI score0.90534EPSS
Exploits14References3
ATTACKERKB
ATTACKERKBadded 2023/10/27 4:15 a.m.0 views

CVE-2023-46818

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled...

7.2CVSS7.1AI score0.90534EPSS
Exploits14References6
NVD
NVDadded 2023/10/27 4:15 a.m.11 views

CVE-2023-46815

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

8.8CVSS8.7AI score0.00239EPSS
Exploits0References1
Prion
Prionadded 2023/10/27 4:15 a.m.13 views

Unrestricted file upload

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

6.5CVSS8.6AI score0.00239EPSS
Exploits0References1
Prion
Prionadded 2023/10/27 4:15 a.m.22 views

Code injection

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled...

5.8CVSS7.2AI score0.90534EPSS
Exploits14References3Affected Software1
CNNVD
CNNVDadded 2023/10/27 12:0 a.m.1 views

ISPConfig Security Vulnerability

ISPConfig is a set of Linux-based open source hosting control panel, which allows you to manage multiple servers, open web sites, monitor server operation status, etc. via a web control panel. A security vulnerability exists in ISPConfig versions prior to 3.2.11p1, which stems from the fact that ...

7.2CVSS7.3AI score0.90534EPSS
Exploits14References2
Cvelist
Cvelistadded 2023/10/27 12:0 a.m.12 views

CVE-2023-46815

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

8.8AI score0.00239EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2023/10/27 12:0 a.m.3 views

PT-2023-30234 · Ispconfig · Ispconfig

Name of the Vulnerable Software and Affected Versions: ISPConfig versions prior to 3.2.11p1 Description: An issue was discovered that allows PHP code injection in the language file editor by an admin if admin allow langedit is enabled. This issue can be exploited to achieve PHP code injection...

7.2CVSS7AI score0.90534EPSS
Exploits14References21
Positive Technologies
Positive Technologiesadded 2023/10/27 12:0 a.m.2 views

PT-2023-30232 · Sugarcrm · Sugarcrm

Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 12.0.4 SugarCRM versions prior to 13.0.2 Description: A Server Site Template Injection SSTI issue has been identified in the GecControl action, allowing custom PHP code injection via the GetControl action due to...

8.8CVSS9AI score0.00224EPSS
Exploits0References4
Cvelist
Cvelistadded 2023/10/27 12:0 a.m.12 views

CVE-2023-46816

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...

9AI score0.00224EPSS
Exploits0References1
NVD
NVDadded 2023/10/02 8:15 p.m.12 views

CVE-2023-43835

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...

8.8CVSS9AI score0.03503EPSS
Exploits1References1
Prion
Prionadded 2023/10/02 8:15 p.m.12 views

Code injection

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...

6.5CVSS8.9AI score0.03503EPSS
Exploits1References1Affected Software1
CVE
CVEadded 2023/10/02 12:0 a.m.52 views

CVE-2023-43835

Summary: CVE-2023-43835 affects Super Store Finder 3.7 and earlier. The issue is an authenticated Arbitrary PHP Code Injection vulnerability that can lead to remote code execution when settings overwrite the content of config.inc.php. What’s affected: Super Store Finder software, versions ≤ 3.7. ...

8.8CVSS8.9AI score0.03503EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2023/10/02 12:0 a.m.14 views

CVE-2023-43835

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...

9.2AI score0.03503EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2023/10/02 12:0 a.m.13 views

CVE-2023-43835

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...

7.7AI score0.03503EPSS
Exploits1References1
0day.today
0day.todayadded 2023/09/19 12:0 a.m.418 views

Super Store Finder 3.7 Remote Command Execution Vulnerability

Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote Code Execution Researcher : Etharus Vendor : Joe Iz, https://www.superstorefinder.net/ Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.7 and below Date : 18 September 2023 FOFA Dork :...

7.1AI score
Exploits0
Packet Storm
Packet Stormadded 2023/09/19 12:0 a.m.460 views

Super Store Finder 3.7 Remote Command Execution

Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote Code Execution Researcher : Etharus Vendor : Joe Iz, https://www.superstorefinder.net/ Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.7 and below Date : 18 September 2023 FOFA Dork :...

7.1AI score
Exploits0
Rows per page
Query Builder