
7207 matches found

NVD
added 2018/12/13 8:29 a.m. | 17 views

CVE-2018-20129

An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/selectimagespost.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the...

CVSS 8.8 | AI score 9 | EPSS 0.69561
Exploits: 1 | References: 1

Cvelist
added 2018/12/13 8:0 a.m. | 21 views

CVE-2018-20129

An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/selectimagespost.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the...

AI score 9 | EPSS 0.69561
Exploits: 1 | References: 1

0day.today
added 2018/12/12 12:0 a.m. | 50 views

WordPress Snap Creek Duplicator Code Injection Exploit

When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrites the wp-config.php file AND this function does not sanitize POST parameters befo...

CVSS 9.8 | AI score 9.7 | EPSS 0.91225
Exploits: 4

Metasploit
added 2018/12/11 5:59 p.m. | 29 views

Snap Creek Duplicator WordPress plugin code injection

When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrites the wp-config.php file AND this function does not sanitize POST parameters befo...

CVSS 9.8 | AI score 9.7 | EPSS 0.91225
Exploits: 4

CNVD
added 2018/11/30 12:0 a.m. | 3 views

tp5cms Arbitrary File Upload Vulnerability

tp5cms is a content management system (CMS) framework written in the PHP language and based on technologies such as ThinkPHP, swiper and bootstrap. A security vulnerability exists in the admin.php/upload/picture.html page in tp5cms 2017-05-25 and earlier versions. A remote attacker can exploit the...

CVSS 9.8 | AI score 9.7 | EPSS 0.00842
Exploits: 1 | References: 1

Prion
added 2018/11/29 6:29 p.m. | 16 views

Design/Logic Flaw

An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type...

CVSS 7.5 | AI score 9.7 | EPSS 0.00842
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/11/29 6:0 p.m. | 15 views

CVE-2018-19692

An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type...

AI score 9.8 | EPSS 0.00842
Exploits: 1 | References: 1

Positive Technologies
added 2018/11/22 12:0 a.m. | 2 views

PT-2018-14968 · Z Blogphp · Z-Blogphp

Name of the Vulnerable Software and Affected Versions: Z-BlogPHP versions prior to 1.5.1 Description: The issue allows remote attackers to execute arbitrary PHP code by uploading an image with the image/jpeg content type to the "zb system/admin/index.php?act=UploadMng" API endpoint. This requires...

CVSS 8.8 | AI score 9.1 | EPSS 0.01115
Exploits: 0 | References: 3

NVD
added 2018/11/21 9:29 p.m. | 16 views

CVE-2018-19422

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these...

CVSS 7.2 | AI score 7.3 | EPSS 0.83882
Exploits: 10 | References: 3

Prion
added 2018/11/21 12:29 a.m. | 16 views

Code injection

In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url=...

CVSS 6.5 | AI score 7.1 | EPSS 0.00744
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2018/11/21 12:29 a.m. | 21 views

CVE-2018-19404

In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url=...

CVSS 7.2 | AI score 7.1 | EPSS 0.00744
Exploits: 1 | References: 1

Cvelist
added 2018/11/21 12:0 a.m. | 34 views

CVE-2018-19422

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these...

AI score 7.5 | EPSS 0.83882
Exploits: 10 | References: 3

ripstech
added 2018/11/20 8:0 a.m. | 104 views

phpBB 3.2.3: Phar Deserialization to RCE

Impact phpBB is one of the oldest and most popular board software. If an attacker aims to take over a board running phpBB3, he will usually attempt to gain access to the admin control panel by means of bruteforcing, phishing or XSS vulnerabilities in plugins that the target site has installed. Bu...

AI score 7.3
Exploits: 0

OpenVAS
added 2018/11/15 12:0 a.m. | 140 views

WordPress Duplicator Plugin < 1.2.42 RCE Vulnerability

An issue was discovered in Snap Creek Duplicator. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. SPDX-FileCopyrightText: 2018 Greenbone AG Some tex...

CVSS 9.8 | AI score 9.9 | EPSS 0.91225
Exploits: 4 | References: 1

Packet Storm
added 2018/11/14 12:0 a.m. | 222 views

OCS Inventory NG ocsreports Shell Upload

Request 1 This request creates a temporary file containing PHP code in the /usr/share/ocsinventory-reports/ocsreports/a.php.a/ directory. POST /ocsreports/index.php?function=telepackage HTTP/1.1 Host: 192.168.5.135 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:61.0 Gecko/20100101...

AI score 8.8 | EPSS 0.0229
Exploits: 2

0day.today
added 2018/11/14 12:0 a.m. | 304 views

OCS Inventory NG ocsreports Shell Upload Vulnerability

OCS Inventory NG suffers from an ocsreports authenticated remote code execution vulnerability via a shell upload. OCS Inventory NG ocsreports Shell Upload Request 1 This request creates a temporary file containing PHP code in the /usr/share/ocsinventory-reports/ocsreports/a.php.a/ directory. POST...

AI score 0.4 | EPSS 0.0229
Exploits: 2

NVD
added 2018/11/12 8:29 p.m. | 23 views

CVE-2018-19220

An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI...

CVSS 9.8 | AI score 9.8 | EPSS 0.00944
Exploits: 1 | References: 1

Prion
added 2018/11/12 8:29 p.m. | 10 views

Code injection

An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI...

CVSS 7.5 | AI score 9.7 | EPSS 0.00944
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2018/11/12 8:0 p.m. | 47 views

CVE-2018-19220

LAOBANCMS 2.0 is affected by an arbitrary PHP code execution flaw that can be triggered by the host parameter to the install/ URI. The issue is remote, unauthenticated, and exploitable over network with the potential for high impact (per CVSSv3.0: CRITICAL, 9.8; Confidentiality/Integrity/Availabi...

CVSS 9.8 | AI score 9.7 | EPSS 0.00944
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2018/11/11 5:29 p.m. | 18 views

Code injection

statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DBPREFIX field, which is written to database.php...

CVSS 7.5 | AI score 9.7 | EPSS 0.0074
Exploits: 1 | References: 1 | Affected Software: 1