Exploit for Improper Authentication in Phpmyadmin
CVE-2018-12613 Local file inclusion bug due to filter bypass u...
CVE-2018-19127
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cachetemplate/.tpl.php file...
Code injection
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code...
CVE-2018-19053
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code...
PbootCMS Arbitrary PHP Code Execution Vulnerability
PbootCMS is a new core open source enterprise building system developed by Avantech. An arbitrary PHP code execution vulnerability exists in PbootCMS 1.2.2. A remote attacker can exploit this vulnerability by specifying a .php file name in the "SET GLOBAL general_log_file" statement and a subsequen...
CVE-2018-18934
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code that is extracted and can be executed. This can also be exploited via CSRF...
Cross-site request forgery (CSRF)
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code that is extracted and can be executed. This can also be exploited via CSRF...
CVE-2018-18934
PopojiCMS v2.0.1 is affected by CVE-2018-18934. The vulnerability lies in admin_component.php, exploitable through the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code, which is extracted and can be executed. This is...
CVE-2018-18934
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code that is extracted and can be executed. This can also be exploited via CSRF...
Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities
Following the PoC you can combine the vulnerabilities to obtain PHP code execution and read sensitive files. By default the File Manager can only be used by Administrator users; however, any user role can be configured to use it. PoC Directory Traversal: POST /wordpress/wp-admin/admin-ajax.php...
WordPress 4.2.x < 4.2.12 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...
CVE-2018-18892
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the sitename field in mcconf.php...
CVE-2018-18892
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the sitename field in mcconf.php...
Code injection
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the sitename field in mcconf.php...
Code injection
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=filemanagerupload URI...
CVE-2018-18874
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=filemanagerupload URI...
CVE-2018-18835
uploadtemplate in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file...
Code injection
uploadtemplate in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file...
Cross-site request forgery (CSRF)
CSRF exists in zbusers/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 Zero, which allows remote attackers to execute arbitrary PHP code...
CVE-2018-18835
uploadtemplate in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file...