
950 matches found

Packet Storm
added 2019/01/01 12:0 a.m., 32 views

SugarCRM WorkFlow PHP Code Injection

SugarCRM WorkFlow module PHP Code Injection Vulnerability. Software Link: http://www.sugarcrm.com. Affected Versions: All versions prior to 7.9.4.0 and 7.11.0.0. Vulnerabili...

0.1 AI score
Exploits: 0
OSV
added 2018/12/20 12:29 a.m., 1 view

CVE-2018-20300

Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file...

9.8 CVSS, 6.1 AI score
Exploits: 0, References: 1
OpenVAS
added 2018/11/15 12:0 a.m., 137 views

WordPress Duplicator Plugin < 1.2.42 RCE Vulnerability

An issue was discovered in Snap Creek Duplicator. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. SPDX-FileCopyrightText: 2018 Greenbone AG Some tex...

9.8 CVSS, 9.9 AI score, 0.91225 EPSS
Exploits: 4, References: 1
NVD
added 2018/09/19 4:29 p.m., 11 views

CVE-2018-17207

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution...

9.8 CVSS, 9.7 AI score, 0.91225 EPSS
Exploits: 4, References: 2
Prion
added 2018/09/19 4:29 p.m., 11 views

Code injection

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution...

7.5 CVSS, 9.7 AI score, 0.91225 EPSS
Exploits: 4, References: 2, Affected Software: 1
CVE
added 2018/09/19 4:0 p.m., 80 views

CVE-2018-17207

The CVE concerns WordPress Snap Creek Duplicator plugin before 1.2.42. The issue arises when leftover installer files (installer.php and installer-backup.php) are accessed, allowing an attacker to inject PHP code into wp-config.php during the database setup step, resulting in arbitrary code execu...

9.8 CVSS, 9.7 AI score, 0.91225 EPSS
Exploits: 4, References: 2, Affected Software: 1
Cvelist
added 2018/09/19 4:0 p.m., 14 views

CVE-2018-17207

An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution...

9.8 AI score, 0.91225 EPSS
Exploits: 4, References: 2
Positive Technologies
added 2018/09/19 12:0 a.m., 3 views

PT-2018-13948

Name of the Vulnerable Software and Affected Versions: Snap Creek Duplicator versions prior to 1.2.42. Description: An issue allows an attacker to inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution by accessing leftover installer files, specifically...

9.8 CVSS, 9 AI score, 0.91225 EPSS
Exploits: 4, References: 5
CNVD
added 2018/09/18 12:0 a.m., 3 views

Moodle Remote Code Execution Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security vulnerability exists in Moodle. The vulnerability can be exploited by an...

8.8 CVSS, 8.6 AI score, 0.01859 EPSS
Exploits: 3, References: 1
Prion
added 2018/09/17 6:29 a.m., 7 views

Command injection

UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type...

6.5 CVSS, 8.9 AI score, 0.0404 EPSS
Exploits: 1, References: 1, Affected Software: 1
OSV
added 2018/09/14 7:29 a.m., 1 view

CVE-2018-17036

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

9.8 CVSS, 5.8 AI score, 0.00486 EPSS
Exploits: 1, References: 1
NVD
added 2018/09/14 7:29 a.m., 11 views

CVE-2018-17036

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

9.8 CVSS, 9.7 AI score, 0.00486 EPSS
Exploits: 1, References: 1
Prion
added 2018/09/14 7:29 a.m., 38 views

Code injection

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

7.5 CVSS, 9.5 AI score, 0.00486 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2018/09/14 7:0 a.m., 42 views

CVE-2018-17036

UCMS 1.4.6 and 1.6 have a PHP code injection vulnerability in the installer. The flaw occurs in the install/index.php flow via the systemdomain parameter, enabling injection and execution of PHP code (demonstrated by injecting a phpinfo() call into /inc/config.php). Root cause, as described in mu...

9.8 CVSS, 9.5 AI score, 0.00486 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2018/09/14 7:0 a.m., 12 views

CVE-2018-17036

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

9.7 AI score, 0.00486 EPSS
Exploits: 1, References: 1
Cvelist
added 2018/07/13 8:0 p.m., 10 views

CVE-2016-9483 PHP FormMail Generator generates PHP code for standard web forms, and the code generated is vulnerable to unsafe deserialization of untrusted data

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmgfilmandownload function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and obta...

8.7 AI score, 0.00584 EPSS
Exploits: 0, References: 2
Exploit DB
added 2018/07/02 12:0 a.m., 61 views

Dolibarr ERP/CRM < 7.0.3 - PHP Code Injection

Exploit Title: Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =7.0.3 Date: 06/29/2018 Exploit Author: om3rcitak - https://omercitak.com Vendor Homepage: https://dolibarr.org Software Link: https://github.com/Dolibarr/dolibarr Version: =7.0.3 Tested on: Unix, Windows Technical Details...

7.4 AI score
Exploits: 0
exploitpack
added 2018/07/02 12:0 a.m., 13 views

Dolibarr ERPCRM 7.0.3 - PHP Code Injection

Dolibarr ERPCRM 7.0.3 - PHP Code Injection Exploit Title: Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =7.0.3 Date: 06/29/2018 Exploit Author: om3rcitak - https://omercitak.com Vendor Homepage: https://dolibarr.org Software Link: https://github.com/Dolibarr/dolibarr Version: =7.0.3...

0.1 AI score
Exploits: 0
NVD
added 2018/05/04 6:29 p.m., 9 views

CVE-2018-10740

Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code contained in the webkeywords parameter into the cmsconfig.php file...

9.8 CVSS, 9.9 AI score, 0.02732 EPSS
Exploits: 1, References: 1
Prion
added 2018/04/16 3:29 p.m., 13 views

Code injection

PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter...

6.8 CVSS, 8.9 AI score, 0.00168 EPSS
Exploits: 1, References: 1, Affected Software: 1