Remote code execution

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...

GHSA-V92M-HHHW-VV9V Code injection in codiad

Codiad Web IDE through 2.8.4 allows PHP Code injection...

CVE-2020-19822

A remote code execution RCE vulnerability in templateuser.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters...

Remote code execution

A remote code execution RCE vulnerability in templateuser.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters...

CVE-2020-19822

A remote code execution RCE vulnerability in templateuser.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters...

PT-2021-10414 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZCMS version 2018 Description: A remote code execution issue in the template user.php file allows attackers to execute arbitrary PHP code. This is achieved via the ml and title parameters. Recommendations: For ZZCMS version 2018, consider...

D-Link DIR-816 Command Execution Vulnerability (CNVD-2021-67516)

The D-Link DIR-816 is a wireless router from D-Link, Taiwan, China.The D-Link DIR-816 has a security vulnerability that could be exploited by attackers to execute arbitrary php code via the typename parameter...

DedeCMS arbitrary PHP code execution vulnerability (CNVD-2021-94947)

DedeCMS Weaving Dream Content Management System is an open source content management system that is simple, robust, flexible, and open source. an arbitrary PHP code execution vulnerability exists in the plus/search.php component of DedeCMS 5.7 SP2. The vulnerability stems from the contents of...

Code injection

The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control...

CVE-2020-18917

The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control...

flatCore remote code execution vulnerability

flatCore is a PHP and SQLite based Web Content Management System CMS. flatCore version 2.0.7 is vulnerable to remote code execution. An attacker can exploit the vulnerability to execute arbitrary php code by uploading the addon plugin...

The vulnerability of the File Manager plugin (wp-file-manager) of the WordPress content management system allows a hacker to execute arbitrary PHP code on the target system.

The vulnerability of the File Manager plugin wp-file-manager in the WordPress content management system is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability allows a malicious actor to execute any PHP code on the target system remotely...

CVE-2021-39608

Remote Code Execution RCE vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code...

Remote code execution

Remote Code Execution RCE vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code...

CVE-2021-39608

Remote Code Execution RCE vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code...

Online Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Online Traffic Offense Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 20-08-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.sourcecodester.com Software Link:...

Online Traffic Offense Management System 1.0 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Online Traffic Offense Management System 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.sourcecodester.com Software Link:...

Online Traffic Offense Management System 1.0 Remote Code Execution

Exploit Title: Online Traffic Offense Management System 1.0 - Remote Code Execution RCE Unauthenticated Date: 20-08-2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.sourcecodester.com Software Link:...

Remote code execution

A remote code execution RCE in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file...

CVE-2020-22937

A remote code execution RCE in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file...