7207 matches found

OSV
added 2018/06/29 5:29 p.m. · 1 views

CVE-2018-13024

Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action...

7.2 CVSS · 5.9 AI score
Exploits 0 · References 1
NVD
added 2018/06/29 5:29 p.m. · 9 views

CVE-2018-13021

An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI...

9 CVSS · 7.3 AI score · 0.01366 EPSS
Exploits 1 · References 1
CVE
added 2018/06/29 5:0 p.m. · 39 views

CVE-2018-13021

HongCMS 3.0.0 is affected by CVE-2018-13021 due to an Arbitrary Script File Upload vulnerability exploited via admin/index.php/template/upload, enabling PHP code execution. Multiple connected sources (e.g., CNVD-2018-16275, NVD entry) confirm the vulnerability and impact. The root cause is an ins...

9 CVSS · 7.3 AI score · 0.01366 EPSS
Exploits 1 · References 1 · Affected Software 1
NVD
added 2018/06/29 12:29 p.m. · 13 views

CVE-2018-12995

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen...

8.8 CVSS · 8.9 AI score · 0.0045 EPSS
Exploits 1 · References 1
Prion
added 2018/06/29 12:29 p.m. · 18 views

Code injection

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen...

6.5 CVSS · 8.8 AI score · 0.0045 EPSS
Exploits 1 · References 1 · Affected Software 1
NVD
added 2018/06/29 12:29 p.m. · 13 views

CVE-2018-12994

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen...

8.8 CVSS · 8.9 AI score · 0.0045 EPSS
Exploits 1 · References 1
OSV
added 2018/06/29 12:29 p.m. · 2 views

CVE-2018-12994

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen...

8.8 CVSS · 6 AI score · 0.0045 EPSS
Exploits 1 · References 1
Cvelist
added 2018/06/29 12:0 p.m. · 15 views

CVE-2018-12995

onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen...

8.9 AI score · 0.0045 EPSS
Exploits 1 · References 1
Check Point Advisories
added 2018/06/19 12:0 a.m. · 46 views

Web Servers PHPMyAdmin Remote Code Execution (CVE-2016-5734)

A remote code execution vulnerability exists in PHPMyAdmin. The vulnerability is caused by an incorrect choice of delimiters to prevent use of the preg_replace function. Successful exploitation of this vulnerability will allow execution of arbitrary PHP code...

7.5 CVSS · 5.9 AI score · 0.87019 EPSS
Exploits 8
Prion
added 2018/06/18 2:29 p.m. · 18 views

Code injection

An issue was discovered in MetInfo 6.0.0. install\index.php allows remote attackers to write arbitrary PHP code into configdb.php, a different vulnerability than CVE-2018-7271...

7.5 CVSS · 8.2 AI score · 0.00944 EPSS
Exploits 2 · References 1 · Affected Software 1
Drupal
added 2018/06/13 12:0 a.m. · 17 views

Custom Tokens - Critical - Arbitrary PHP code execution - SA-CONTRIB-2018-041

The Custom Tokens module enables you to create custom tokens for specific replacements that can improve other modules relying on the token API. The module doesn't sufficiently identify that its custom permissions are risky and should only be granted to highly trusted roles. This vulnerability is...

6.4 AI score
Exploits 0 · References 9
Prion
added 2018/06/08 12:29 p.m. · 14 views

Remote file inclusion

A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files, execute PHP code, or read non-PHP files by replacing a helper.json file...

7.5 CVSS · 9 AI score · 0.00729 EPSS
Exploits 1 · References 2 · Affected Software 1
Cvelist
added 2018/06/08 12:0 p.m. · 11 views

CVE-2018-12065

A Local File Inclusion vulnerability in /system/WCore/WHelper.php in Creatiwity wityCMS 0.6.2 allows remote attackers to include local PHP files, execute PHP code, or read non-PHP files by replacing a helper.json file...

9.1 AI score · 0.00729 EPSS
Exploits 1 · References 2
NVD
added 2018/06/05 6:29 a.m. · 18 views

CVE-2018-11736

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file...

9.8 CVSS · 9.8 AI score · 0.08043 EPSS
Exploits 3 · References 2
OSV
added 2018/06/05 6:29 a.m. · 17 views

CVE-2018-11736

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file...

9.8 CVSS · 9.9 AI score
Exploits 0 · References 2
Prion
added 2018/06/05 6:29 a.m. · 20 views

Design/Logic Flaw

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file...

7.5 CVSS · 9.7 AI score · 0.08043 EPSS
Exploits 3 · References 2 · Affected Software 1
Cvelist
added 2018/06/05 6:0 a.m. · 18 views

CVE-2018-11736

An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file...

9.8 AI score · 0.08043 EPSS
Exploits 3 · References 2
CVE
added 2018/06/05 6:0 a.m. · 48 views

CVE-2018-11736

Pluck before 4.7.7-dev2 is affected by a remote code execution in /data/inc/images.php. An attacker can upload an image/jpeg/.htaccess file to execute arbitrary PHP code, leading to full compromise of affected hosts. The issue is mitigated by upgrading to Pluck 4.7.7-dev2 or applying the fixed re...

9.8 CVSS · 9.7 AI score · 0.08043 EPSS
Exploits 3 · References 2 · Affected Software 1
Positive Technologies
added 2018/06/04 12:0 a.m. · 2 views

PT-2018-2074 · D Link · D-Link Central Wifi Manager

Name of the Vulnerable Software and Affected Versions: D-Link Central WiFi Manager versions prior to 1.03r0100-Beta1 Description: The issue is related to an unrestricted file upload vulnerability in the "onUploadLogPic" endpoint, which allows remote authenticated users to execute arbitrary PHP...

9 CVSS · 8.6 AI score · 0.17362 EPSS
Exploits 5 · References 8
0day.today
added 2018/06/03 12:0 a.m. · 75 views

GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution Vulnerabilities

Exploit for php platform in category web applications Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability get webshell Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE : CVE-2018-11670 An issue...

0.2 AI score · 0.00233 EPSS
Exploits 5