7203 matches found

CVE
added 2022/10/12 12:0 a.m. · 97 views

CVE-2022-39297

CVE-2022-39297 affects melisplatform/melis-cms prior to 5.0.1. The issue is a deserialization vulnerability that allows an attacker to deserialize untrusted data, ultimately executing arbitrary PHP code on the system without authentication. The root cause is improper handling of user-controlled d...

CVSS 9.8 · AI score 8.8 · EPSS 0.00935
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/10/12 12:0 a.m. · 14 views

CVE-2022-39298 Deserialization of untrusted data in MelisFront

MelisFront is the engine that displays websites hosted on Melis Platform. It deals with showing pages, plugins, URL rewriting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, ultimately leading to the execution of...

CVSS 7.7 · AI score 9.7 · EPSS 0.00935
Exploits 0 · References 2
Cvelist
added 2022/10/12 12:0 a.m. · 14 views

CVE-2022-39297 Deserialization of untrusted data in MelisCms

MelisCms provides a full CMS for Melis Platform, including a templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, ultimately leading to the execution of arbitrary PHP code on the...

CVSS 7.7 · AI score 9.7 · EPSS 0.00935
Exploits 0 · References 2
OSV
added 2022/10/12 12:0 a.m. · 8 views

CVE-2022-39297 Deserialization of untrusted data in MelisCms

MelisCms provides a full CMS for Melis Platform, including a templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, ultimately leading to the execution of arbitrary PHP code on the...

CVSS 7.7 · AI score 9.3 · EPSS 0.00935
Exploits 0 · References 4
CVE
added 2022/10/12 12:0 a.m. · 111 views

CVE-2022-39298

MelisFront (melis-front) on Melis Platform contains a deserialization of untrusted data vulnerability that enables arbitrary PHP code execution. The issue is present in affected versions of melisplatform/melis-front and can be exploited without authentication. The root cause is deserializing user-contr...

CVSS 9.8 · AI score 8.8 · EPSS 0.00935
Exploits 0 · References 2 · Affected Software 1
Github Security Blog
added 2022/10/11 8:45 p.m. · 22 views

melisplatform/melis-cms vulnerable to deserialization of untrusted data

Impact: Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, ultimately leading to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to melisplatform/melis-cms = 5.0.1...

CVSS 9.8 · AI score 9.3 · EPSS 0.00935
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2022/10/11 8:45 p.m. · 18 views

melisplatform/melis-front vulnerable to deserialization of untrusted data

Impact: Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, ultimately leading to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to melisplatform/melis-front =...

CVSS 9.8 · AI score 9.3 · EPSS 0.00935
Exploits 0 · References 4 · Affected Software 1
OSV
added 2022/10/11 8:45 p.m. · 18 views

GHSA-H479-2MV4-5C26 melisplatform/melis-front vulnerable to deserialization of untrusted data

Impact: Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, ultimately leading to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to melisplatform/melis-front =...

CVSS 7.7 · AI score 8.8 · EPSS 0.00935
Exploits 0 · References 4
Positive Technologies
added 2022/10/11 12:0 a.m. · 2 views

PT-2022-24879 · Melisplatform · Melis-Cms

Name of the Vulnerable Software and Affected Versions: melisplatform/melis-cms versions prior to 5.0.1 Description: The issue allows attackers to deserialize arbitrary data on affected versions of melisplatform/melis-cms, leading to the execution of arbitrary PHP code on the system. This attack...

CVSS 9.8 · AI score 9.4 · EPSS 0.00935
Exploits 0 · References 10
Fedora
added 2022/10/07 3:56 p.m. · 16 views

[SECURITY] Fedora 36 Update: php-twig3-3.4.3-1.fc36

The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...

AI score 3.2
Exploits 0
Positive Technologies
added 2022/09/26 12:0 a.m. · 4 views

PT-2022-9492 · WordPress · Scripts Organizer

Name of the Vulnerable Software and Affected Versions: Scripts Organizer WordPress plugin versions prior to 3.0 Description: The issue concerns the lack of capability and CSRF checks in the saveScript AJAX action, which is accessible to both unauthenticated and authenticated users. Additionally,...

CVSS 8.8 · AI score 8.6 · EPSS 0.00221
Exploits 2 · References 4
Prion
added 2022/09/22 10:15 p.m. · 14 views

Design/Logic Flaw

Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 7.5 · AI score 9.7 · EPSS 0.01042
Exploits 1 · References 3 · Affected Software 1
OSV
added 2022/09/19 4:15 p.m. · 23 views

CVE-2022-35914

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...

CVSS 9.8 · AI score 7.3 · EPSS 0.94395
Exploits 13 · References 8
CVE
added 2022/09/19 12:0 a.m. · 1051 views

CVE-2022-35914

CVE-2022-35914 affects GLPI’s htmlawed integration via htmLawedTest.php, enabling PHP code injection. Exploit PoCs exist (PoC scripts and reports in Exploit-DB and GitHub repos) demonstrating remote code execution potential. CVSS v3.1 base score 9.8 (C/H I/H A/H) with network attack vector and no...

CVSS 9.8 · AI score 9.6 · EPSS 0.94395
In wild · Exploits 13 · References 8 · Affected Software 1
Vulnrichment
added 2022/09/19 12:0 a.m. · 5 views

CVE-2022-35914

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...

AI score 9.8 · EPSS 0.94395
Exploits 13 · References 7
ATTACKERKB
added 2022/09/19 12:0 a.m. · 50 views

CVE-2022-35914

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection. Recent assessments: Assessed Attacker Value: 0...

CVSS 9.8 · AI score 2.2 · EPSS 0.94395
In wild · Exploits 13 · References 8
Cvelist
added 2022/09/19 12:0 a.m. · 33 views

CVE-2022-35914

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...

AI score 9.9 · EPSS 0.94395
Exploits 13 · References 7
OSV
added 2022/09/07 12:1 a.m. · 17 views

GHSA-JJ62-MC3M-J769 FeehiCMS has an arbitrary file upload vulnerability

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8.1 at the head image upload, that allows attackers to execute relevant PHP code...

CVSS 9.8 · AI score 9.7 · EPSS 0.00433
Exploits 1 · References 5
Github Security Blog
added 2022/09/07 12:1 a.m. · 16 views

FeehiCMS has an arbitrary file upload vulnerability

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8.1 at the head image upload, that allows attackers to execute relevant PHP code...

CVSS 9.8 · AI score 9.4 · EPSS 0.00433
Exploits 1 · References 5 · Affected Software 1
NVD
added 2022/09/06 7:15 p.m. · 5 views

CVE-2020-21516

There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code...

CVSS 9.8 · EPSS 0.00433
Exploits 1 · References 1