CVE-2019-7692
install/install.php in CIM 0.9.3 allows remote attackers to execute arbitrary PHP code via a crafted prefix value because of configuration file mishandling in the N=83 case, as demonstrated by a call to the PHP fputs function that creates a .php file in the public folder...
CVE-2019-7580
ThinkCMF 5.0.190111 is vulnerable to remote code execution via the portal/admin_category/addpost.html alias parameter, caused by mishandling of a single quote that allows data/conf/route.php injection. Red Hat and other records confirm CVE-2019-7580, but the provided documents do not specify a pa...
Directory traversal
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php...
CVE-2019-6713
app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a file_put_contents call...
CVE-2019-6339 PHAR stream wrapper Arbitrary PHP code execution
In Drupal Core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9, a remote code execution vulnerability exists in PHP's built-in phar stream wrapper when performing file operations on an untrusted phar:// URI. Some Drupal code (core, contrib, and custom) may be performing fi...
CVE-2019-6289
uploads/include/dialog/select_soft.php in DedeCMS V5.7 UTF8 SP2 allows remote attackers to execute arbitrary PHP code by uploading with a safe file extension and then renaming with a mixed-case variation of the .php extension, as demonstrated by the 1.pHP filename...
CVE-2019-6244 Cross-site request forgery (CSRF)
An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can execute SQL statements, and consequently execute arbitrary PHP code by writing that code into a .php file...
CVE-2019-6244
Vulnerability summary (CVE-2019-6244): In UsualToolCMS 8.0, a CSRF protection flaw in the endpoint cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that can trigger SQL statements and, consequently, write arbitrary PHP code to a .php file. This is documented across multiple sources (NVD entr...
CVE-2019-6127 SQL injection
An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename...
CVE-2019-6127
CVE-2019-6127 affects XiaoCms 20141229. The vulnerability is a SQL injection in the admin/index.php?c=database table[] path, enabling an attacker to perform PHP code execution via INTO OUTFILE with a .php filename. The references confirm the same description across multiple sources, indicating a ...
D-Link Central WiFi Manager, a software controller for centralized management of wireless networks, is vulnerable because it ships with pre-installed credentials. This allows an attacker to execute arbitrary PHP code.
The vulnerability in the D-Link Central WiFi Manager software control panel lies in the pre-installed credentials of its FTP service (admin/admin), which runs on port 9000. Exploiting this vulnerability allows a malicious actor to execute arbitrary PHP code by uploading it into the root...
Vtiger CRM File Upload PHP Code Execution Vulnerability
Vtiger CRM is a customer relationship management software that helps businesses become organized, increase sales, improve marketing ROI and provide an enjoyable customer service experience. A file upload PHP code execution vulnerability exists in Vtiger CRM version 7.1.0 prior to Hotfix2. The...
CVE-2019-5009 Design/Logic Flaw
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "" tags, as demonstrated by a CompanyDetailsSave action...