CVE-2021-27230
ExpressionEngine prior to 5.4.2 and 6.x prior to 6.0.3 is affected by a PHP code injection vulnerability. Authenticated users able to invoke Translate::save() can write to an _lang.php file under system/user/language, enabling arbitrary PHP execution. Root cause: Translate::save() path handling a...
CVE-2021-27230
ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an lang.php file under the system/user/language directory...
Acronis: Unrestricted file upload vulnerability in IMCE
Summary Steps To Reproduce POC 1. Go to "https://forum.acronis.com/" and create user 1. Click on edit profile and go to Signature click on insert image using imce file manager 1. Now upload php file and bypass to add .gif in the endpoint Recommendations...
GHSA-3RPF-5RQV-689Q PHP Code Injection by malicious function name in smarty
Template authors could inject PHP code by choosing a malicious function name. Sites that cannot fully trust template authors should update as soon as possible. Please upgrade to 3.1.39 or higher...
PHP Code Injection by malicious function name in smarty
Template authors could inject PHP code by choosing a malicious function name. Sites that cannot fully trust template authors should update as soon as possible. Please upgrade to 3.1.39 or higher...
Zenphoto CMS 1.5.7 Shell Upload Vulnerability
Authenticated arbitrary file upload to RCE Product : Zenphoto Affected : Zenphoto CMS - = 1.5.7 Attack Type : Remote login then go to plugins then go to uploader and press on the check box elFinder then press apply , after that you go to upload then FileselFinder drag and drop any malicious php...
NeDi PHP Code Injection Vulnerability
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from a PHP code injection vulnerability. The vulnerability can be exploited to inject PHP code into the System Files function of endpoint /System-Files.php v...
NeDi <= 1.9C, 2.0 Multiple Vulnerabilities
NeDi is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later...
CVE-2021-26753
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
CVE-2021-26753
CVE-2021-26753 affects NeDi 1.9C. An authenticated user can inject PHP code via the txt HTTP POST parameter to /System-Files.php, enabling code execution and access to the underlying OS and all application data. Connected sources confirm the vulnerability details; no remediation steps are provide...
Nedi Consulting NeDi Code Injection Vulnerability
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from a PHP code injection vulnerability. The vulnerability can be exploited to inject PHP code into the System Files function of endpoint /System-Files.php v...
NextGen Gallery < 3.5.0 - CSRF allows File Upload
It was possible to bypass the "validateajaxrequest" function used to control access to ajax functions by sending a request without a nonce parameter. This could be used to upload arbitrary code to an image file. Although the uploaded file must be a valid image, it is possible to include PHP code ...
Security Bulletin: IBM API Connect's Developer Portal is vulnerable to arbitrary code execution in Drupal Core (CVE-2020-13671)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2020-13671 DESCRIPTION: Drupal Core could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly sanitize certain filenames on uploaded files. By...
Moodle < 3.5.16, 3.8.x < 3.8.7, 3.9.x < 3.9.4, 3.10.x < 3.10.1 Multiple Vulnerabilities
Moodle is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later...
Smarty_Internal_Runtime_TplFunction Sandbox Escape PHP Code Injection
More info at https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html...
template_object Sandbox Escape PHP Code Injection
More info at https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html...
SRC-2021-0010 : Smarty Template Engine Smarty_Internal_Runtime_TplFunction Sandbox Escape Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Smarty Template Engine. Authentication is context-dependent and may not be required to exploit this vulnerability. The specific flaw exists within the SmartyInternalCompileFunctio...
WordPress AIT CSV Import/Export 3.0.3 Shell Upload Exploit
WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse a CSV, however t...
Cemetery Mapping And Information System 1.0 SQL Injection
Exploit Title: Cemetry Mapping and Information System 1.0 - Multiple SQL Injections Exploit Author: Mesut Cetin Date: 2021-01-12 Vendor Homepage: https://www.sourcecodester.com/php/12779/cemetery-mapping-and-information-system-using-phpmysqli.html Software Link:...
CVE-2020-35131
Affected software: Cockpit CMS pre-0.6.1. The vulnerability is a code execution flaw caused by insecure handling of registerCriteriaFunction in lib/MongoLite/Database.php, enabling an attacker to inject PHP through crafted JSON values to /auth/check or /auth/requestreset. Impact is remote, unauth...