Lucene search

7207 matches found

CVE (added 2018/04/16 2:00 p.m., 50 views)

CVE-2018-10132

CVE-2018-10132 affects PbootCMS v0.9.8. The vulnerability is described as a cross-site request forgery (CSRF) in admin.php/Message/mod/id/19.html?backurl=/index.php that can cause PHP code injection in the recontent parameter. Connected sources consistently reference the same description. No conc...

8.8 CVSS, 8.9 AI score, 0.00168 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist (added 2018/04/16 2:00 p.m., 23 views)

CVE-2018-10132

PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter...

9 AI score, 0.00168 EPSS
Exploits: 1, References: 1
Prion (added 2018/04/16 9:58 a.m., 14 views)

Cross-site request forgery (CSRF)

The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers to execute arbitrary PHP code via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php because of an unanchored regular expression, a different vulnerability than CVE-2018-8893. The component must be accessed directl...

6.5 CVSS, 8.2 AI score, 0.00647 EPSS
Exploits: 0, References: 1, Affected Software: 1
CVE (added 2018/04/15 2:00 p.m., 40 views)

CVE-2018-9153

The CVE concerns Z-BlogPHP 1.5.1. The plugin upload component enables remote PHP code execution via the app_id parameter to zb_users/plugin/AppCentre/plugin_edit.php due to an unanchored regular expression. Access must be direct by an administrator or via CSRF. This is a distinct issue from CVE-2...

7.2 CVSS, 8.2 AI score, 0.00647 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNVD (added 2018/04/13 12:00 a.m., 1 view)

Arbitrary Code Execution Vulnerability in the HTML5 Responsive Website Building System of Huizhou Fire Phoenix Network Technology Co.

Huizhou Fire Phoenix Network Technology Co., Ltd. provides one-stop website production, website promotion, APP development, WeChat development, data analysis, software development, dynamic creative, cell phone website, Taobao store permanent code decoration, FLASH animation, to program developmen...

8.3 AI score
Exploits: 0
CNVD (added 2018/04/08 12:00 a.m., 1 view)

GxlcmsQY Arbitrary PHP Code Execution Vulnerability

GxlcmsQY system is a quick website cms tailored for business users. An arbitrary PHP code execution vulnerability exists in the upload function in Lib\Lib\Action\Admin\UploadAction.class.php in GxlcmsQY v1.0.0713. A remote attacker can exploit this vulnerability by first changing the configuploadclas...

9.8 CVSS, 8 AI score, 0.00944 EPSS
Exploits: 1, References: 1
NVD (added 2018/04/07 9:29 p.m., 12 views)

CVE-2018-9847

In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

9.8 CVSS, 9.7 AI score, 0.00944 EPSS
Exploits: 1, References: 1
NVD (added 2018/04/07 9:29 p.m., 18 views)

CVE-2018-9848

In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an...

9.8 CVSS, 9.9 AI score, 0.00944 EPSS
Exploits: 1, References: 1
OSV (added 2018/04/07 9:29 p.m., 1 view)

CVE-2018-9847

In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

9.8 CVSS, 6.1 AI score, 0.00944 EPSS
Exploits: 1, References: 1
Prion (added 2018/04/07 9:29 p.m., 10 views)

Cross-site request forgery (CSRF)

In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an...

7.5 CVSS, 9.8 AI score, 0.00944 EPSS
Exploits: 1, References: 1, Affected Software: 1
Prion (added 2018/04/07 9:29 p.m., 8 views)

Code injection

In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

7.5 CVSS, 9.7 AI score, 0.00944 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE (added 2018/04/07 9:00 p.m., 43 views)

CVE-2018-9848

In GxlcmsQY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote arbitrary PHP code execution. An attacker first sends Admin-Admin-Configsave to modify config[upload_class] from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php, then issues Admin-Upload-Upload to run...

9.8 CVSS, 9.7 AI score, 0.00944 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist (added 2018/04/07 9:00 p.m., 16 views)

CVE-2018-9848

In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the config[upload_class] value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an...

9.9 AI score, 0.00944 EPSS
Exploits: 1, References: 1
NVD (added 2018/04/04 12:29 a.m., 14 views)

CVE-2018-9247

The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE wit...

9.8 CVSS, 9.9 AI score, 0.00944 EPSS
Exploits: 1, References: 1
Prion (added 2018/04/04 12:29 a.m., 9 views)

Code injection

The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE wit...

7.5 CVSS, 9.8 AI score, 0.00944 EPSS
Exploits: 1, References: 1, Affected Software: 1
CNVD (added 2018/04/04 12:00 a.m., 3 views)

GxlcmsQY Arbitrary PHP Code Execution Vulnerability

Gxlcms QY is an enterprise website creation system. A security vulnerability exists in the 'upsql' function in the \Lib\Lib\Action\Admin\DataAction.class.php file in Gxlcms QY version 1.0.0713. A remote attacker can exploit this vulnerability by executing arbitrary SQL statements with the help of...

9.8 CVSS, 8 AI score, 0.00944 EPSS
Exploits: 1, References: 1
Exploit DB (added 2018/04/04 12:00 a.m., 40 views)

ProcessMaker - Plugin Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'ProcessMaker Plugin Upload', 'Description' = %q This module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code a...

7.4 AI score
Exploits: 0
Cvelist (added 2018/04/04 12:00 a.m., 18 views)

CVE-2018-9247

The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in Gxlcms QY v1.0.0713 allows remote attackers to execute arbitrary SQL statements via the sql parameter. Consequently, an attacker can execute arbitrary PHP code by placing it after a <?php substring, and then using INTO OUTFILE wit...

9.9 AI score, 0.00944 EPSS
Exploits: 1, References: 1
0day.today (added 2018/04/04 12:00 a.m., 31 views)

ProcessMaker - Plugin Upload Exploit

This Metasploit module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code as the web server user. Credentials for a valid user account with Administrator roles are required to run this module. This Metasploit module has been tested successfully on ProcessMaker...

0.3 AI score
Exploits: 0
NVD (added 2018/04/02 3:29 a.m., 24 views)

CVE-2018-9175

DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via the egroup parameter to uploads/dede/stepselect_main.php because code within the database is accessible to uploads/dede/sys_cacheup.php...

9.8 CVSS, 9.8 AI score, 0.02109 EPSS
Exploits: 1, References: 1