7207 matches found
CVE-2019-7719
Nibbleblog 4.0.5 allows eval injection by placing PHP code in the install.php username parameter and then making a content/private/shadow.php request...
CVE-2019-7720
The CVE-2019-7720 entry applies to TaoCMS, describing an eval-injection flaw in which PHP code can be placed in the install.php db_name parameter and then triggered via a config.php request. Red Hat and other sources corroborate the same issue, indicating the root cause is eval injection leading ...
CVE-2019-7718
MetInfo 6.x contains a race condition in the backend database backup function. The issue allows an attacker to execute arbitrary PHP code via admin/index.php?n=databack&c=index&a=dogetsql&tables=
CVE-2018-20775
admin/?/plugin/filemanager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI...
CVE-2018-20773
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines...
Code injection
admin/?/plugin/filemanager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI...
Design/Logic Flaw
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines...
CVE-2018-20775
The CVE-2018-20775 entry concerns Frog CMS 0.9.5 where the admin/?/plugin/file_manager exposes a flaw that allows an attacker to create a new .php file containing PHP code and access it via the public/ URI, enabling PHP code execution. This aligns with the NVD description of a file-manager vulner...
CVE-2018-20773
CVE-2018-20773 affects Frog CMS 0.9.5, where an attacker can achieve PHP code execution by visiting admin/?/page/edit/1 and injecting additional
CVE-2018-20772
Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI...
CVE-2018-20772
CVE-2018-20772 affects Frog CMS 0.9.5. The vulnerability allows PHP code execution via the PHP opening tag in the request to the URI admin/?/layout/edit/1, indicating a code-injection path in that administration handler. The root cause is improper handling of PHP code within that endpoint, enabli...
Xerox WorkCentre Printers Multiple Vulnerabilities
Xerox WorkCentre Printers are prone to multiple vulnerabilities.
Design/Logic Flaw
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...
CVE-2018-20768
An issue was discovered on Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices before R18-05 073.xxx.0487.15000. An attacker can execute PHP code by leveraging a writable file...