CVE-2020-10389

admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings...

CVE-2020-8518

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution...

CVE-2020-8518

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution...

CVE-2020-8518

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution...

Design/Logic Flaw

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution...

CVE-2020-8518

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution...

CVE-2020-8518

CVE-2020-8518 is an RCE in Horde Groupware Webmail Edition 5.2.22 via CSV data import, caused by arbitrary PHP code injection in the Horde_Data component. The vulnerability allows authenticated users to execute code on the server hosting the web application. Affected versions include Horde Groupw...

CVE-2020-8518

Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution...

CVE-2013-3214

vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'...

CVE-2013-3214

vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerability in 'vtigerolservice.php'...

CVE-2013-2267

FUDforum 3.0.4 and earlier are affected by a PHP code injection in /adm/admreplace.php due to insufficient validation of POST parameters regex_str, regex_str_opt and regex_with, allowing remote attackers to inject and execute arbitrary PHP code on the server with web server privileges (CWE-94). T...

CVE-2012-2931

PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file...

SugarCRM PHP code injection vulnerability (CNVD-2019-34428)

SugarCRM is a set of open source customer relationship management software . A PHP code injection vulnerability exists in the EmailMan module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to execute arbitrary code...

SugarCRM PHP code injection vulnerability (CNVD-2019-34421)

SugarCRM is a set of open source customer relationship management software . A PHP code injection vulnerability exists in the MergeRecords module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to execute arbitrary code...

SugarCRM Configurator Module Directory Traversal Vulnerability

SugarCRM is a set of open source customer relationship management software . A directory traversal vulnerability exists in the Configurator module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to inject custom PHP code...

CVE-2019-17301

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user...

CVE-2019-17308

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Emails module by a Regular user...

CVE-2019-17302

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by a Developer user...

CVE-2019-17306

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Configurator module by an Admin user...

CVE-2019-17303

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Developer user...