Lucene search

950 matches found

OpenVAS
added 2019/03/12 12:0 a.m., 23 views

Simple Machines Forum (SMF) <= 2.0.4 Multiple Vulnerabilities

Simple Machines Forum (SMF) is prone to multiple vulnerabilities...

8.8 CVSS, 7.1 AI score, 0.01377 EPSS
Exploits 1, References 1
Prion
added 2019/03/11 1:29 a.m., 12 views

Code injection

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter...

6.8 CVSS, 8.9 AI score, 0.00145 EPSS
Exploits 1, References 1, Affected Software 1
OSV
added 2019/03/11 1:29 a.m., 1 views

CVE-2019-9652

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter...

8.8 CVSS, 7.4 AI score
Exploits 0, References 1
NVD
added 2019/03/11 1:29 a.m., 11 views

CVE-2019-9652

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter...

8.8 CVSS, 9 AI score, 0.00145 EPSS
Exploits 1, References 1
CVE
added 2019/03/11 1:0 a.m., 35 views

CVE-2019-9652

SDCMS V1.7 contains a CSRF leading to PHP code injection via an m=admin&c=theme&a=edit request. The vulnerable component is the file handling (filename via the file parameter and content via t2), enabling remote code execution within the CMS. Concrete details across sources confirm the attack vec...

8.8 CVSS, 8.9 AI score, 0.00145 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
added 2019/03/11 1:0 a.m., 13 views

CVE-2019-9652

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter...

9 AI score, 0.00145 EPSS
Exploits 1, References 1
NVD
added 2019/03/07 11:29 p.m., 7 views

CVE-2013-7468

Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter...

8.1 CVSS, 8.4 AI score, 0.00487 EPSS
Exploits 1, References 1
Cvelist
added 2019/03/07 10:0 p.m., 13 views

CVE-2013-7468

Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter...

8.5 AI score, 0.00487 EPSS
Exploits 1, References 1
Prion
added 2019/02/26 7:29 a.m., 11 views

Code injection

There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter...

6.8 CVSS, 8.8 AI score, 0.00164 EPSS
Exploits 1, References 1, Affected Software 1
NVD
added 2019/02/26 7:29 a.m., 10 views

CVE-2019-9182

There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter...

8.8 CVSS, 8.9 AI score, 0.00164 EPSS
Exploits 1, References 3
CVE
added 2019/02/26 7:0 a.m., 38 views

CVE-2019-9182

CVE-2019-9182 affects ZZZCMS zzzphp v1.6.1. A CSRF flaw in /admin015/save.php?act=editfile enables PHP code injection by supplying a filename in the file parameter and content in the filetext parameter, leading to potential code execution on the server. Exploitation details are described in the C...

8.8 CVSS, 8.8 AI score, 0.00164 EPSS
Exploits 1, References 3, Affected Software 1
Cvelist
added 2019/02/26 7:0 a.m., 15 views

CVE-2019-9182

There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter...

9 AI score, 0.00164 EPSS
Exploits 1, References 3
CNVD
added 2019/02/26 12:0 a.m., 2 views

ZZZCMS zzzphp Cross-Site Request Forgery Vulnerability

ZZZCMS zzzphp is a content management system (CMS). A cross-site request forgery vulnerability exists in ZZZCMS zzzphp version V1.6.1. A remote attacker can exploit this vulnerability to inject PHP code with the help of the 'file' and 'filetext' parameters...

8.8 CVSS, 7.2 AI score, 0.00164 EPSS
Exploits 1, References 1
Veracode
added 2019/02/25 8:11 a.m., 34 views

PHP Code Injection

smarty-php/smarty is vulnerable to PHP code injection attacks. The vulnerability exists as the template names are unsanitized when called from fetch or display, allowing PHP code injection attacks...

9.8 CVSS, 9.5 AI score, 0.00636 EPSS
Exploits 0, References 7, Affected Software 1
Cvelist
added 2019/02/11 3:0 a.m., 14 views

CVE-2019-7720

taocms through 2014-05-24 allows eval injection by placing PHP code in the install.php dbname parameter and then making a config.php request...

9.7 AI score, 0.00477 EPSS
Exploits 1, References 1
Cvelist
added 2019/02/11 3:0 a.m., 13 views

CVE-2019-7719

Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...

9.7 AI score, 0.00513 EPSS
Exploits 1, References 1
Cvelist
added 2019/01/23 9:0 p.m., 15 views

CVE-2019-6713

app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call...

9.7 AI score, 0.01155 EPSS
Exploits 0, References 2
0day.today
added 2019/01/03 12:0 a.m., 35 views

SugarCRM Web Logic Hooks Module PHP Code Injection Vulnerability

SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "trigger_event" parameter is not properly sanitized before being used to save PHP code into the 'logic_hooks.php' file through the Web Logic Hooks module. This can be...

Exploits 0
0day.today
added 2019/01/03 12:0 a.m., 19 views

SugarCRM WorkFlow PHP Code Injection Vulnerability

SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $_POST['base_module'] parameter to the "Save" action of the WorkFlow module is not properly sanitized before being used to write data into the...

8 AI score
Exploits 0
CNVD
added 2019/01/02 12:0 a.m., 0 views

SugarCRM (WorkFlow module) PHP Code Injection Vulnerability

SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. A PHP code...

7.8 AI score
Exploits 0, References 1