7207 matches found

0day.today
added 2018/03/28 12:0 a.m. · 65 views

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution Exploit

Exploit for linux platform in category remote exploits Title: TestLink Open Source Test Management comment out skip-networking as well as bind-add...

6 CVSS · 7.5 AI score · 0.10683 EPSS
Exploits 9

Prion
added 2018/03/27 6:29 p.m. · 19 views

Cross site request forgery (csrf)

DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tagtestaction.php request can specify a runphp field in conjunction with PHP code...

6.8 CVSS · 8.9 AI score · 0.93235 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2018/03/27 6:0 p.m. · 65 views

CVE-2018-7700

DedeCMS 5.7 (including 5.7SP2) is vulnerable to CSRF that can lead to arbitrary code execution via the partcode parameter in tag_test_action.php (runphp field with PHP code). Exploitation appears in the wild (2025), and remediation is to apply security patches/update to a newer DedeCMS version. A...

8.8 CVSS · 8.8 AI score · 0.93235 EPSS
In wild · Exploits 1 · References 1 · Affected Software 1

exploitpack
added 2018/03/27 12:0 a.m. · 44 views

TestLink Open Source Test Management 1.9.16 - Remote Code Execution (PoC)

TestLink Open Source Test Management 1.9.16 - Remote Code Execution PoC Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any presen...

6 CVSS · 7.9 AI score · 0.10683 EPSS
Exploits 9

CNVD
added 2018/03/27 12:0 a.m. · 1 views

Creditwest Bank CMS Project Cross-Site Request Forgery Vulnerability

The Creditwest Bank CMS Project aka CWCMS is a content management system CMS. A cross-site request forgery vulnerability exists in the Website Configuration Update feature in Creditwest Bank CMS Project 2017-07-28 and prior releases. A remote attacker can exploit this vulnerability to inject...

8.8 CVSS · 7.1 AI score · 0.00204 EPSS
Exploits 1 · References 1

Exploit DB
added 2018/03/27 12:0 a.m. · 236 views

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)

TestLink Open Source Test Management 1.9.16 - Remote Code Execution PoC. CVE-2018-7466. Remote exploit for Linux platform Title: TestLink Open Source Test Management= 1.9.16 Remote Code Execution By Manish error1046 Vendor Home Page: http://testlink.org Discovered At: Indishell Lab CVE ID:...

7.5 CVSS · 7.8 AI score · 0.10683 EPSS
Exploits 9

CNVD
added 2018/03/26 12:0 a.m. · 2 views

ZZCMS 'siteurl' parameter PHP code injection vulnerability

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A security vulnerability exists in ZZCMS version 8.2. The vulnerability can be exploited to inject PHP code by sending 'siteurl' parameter to install/index.php file...

7.5 CVSS · 7.1 AI score · 0.00456 EPSS
Exploits 1 · References 1

NVD
added 2018/03/24 10:29 p.m. · 14 views

CVE-2018-8972

Creditwest Bank CMS Project aka CWCMS through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...

8.8 CVSS · 8.8 AI score · 0.00204 EPSS
Exploits 1 · References 1

Prion
added 2018/03/24 10:29 p.m. · 9 views

Cross site request forgery (csrf)

Creditwest Bank CMS Project aka CWCMS through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...

6.8 CVSS · 8.7 AI score · 0.00204 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2018/03/24 10:0 p.m. · 35 views

CVE-2018-8972

Creditwest Bank CMS Project (CWCMS) prior to 2017-07-28 contains a cross-site request forgery (CSRF) vulnerability in the Website Configuration Update feature. This CSRF flaw enables an attacker to inject arbitrary PHP code, demonstrated by a PHP shell that calls eval on request parameters. Affec...

8.8 CVSS · 8.7 AI score · 0.00204 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2018/03/24 10:0 p.m. · 18 views

CVE-2018-8972

Creditwest Bank CMS Project aka CWCMS through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...

8.8 AI score · 0.00204 EPSS
Exploits 1 · References 1

NVD
added 2018/03/24 6:29 p.m. · 16 views

CVE-2018-8966

An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

7.5 CVSS · 7.8 AI score · 0.00456 EPSS
Exploits 1 · References 1

Prion
added 2018/03/24 6:29 p.m. · 28 views

Code injection

An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

5 CVSS · 7.7 AI score · 0.00456 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2018/03/24 6:0 p.m. · 16 views

CVE-2018-8966

An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

7.8 AI score · 0.00456 EPSS
Exploits 1 · References 1

Positive Technologies
added 2018/03/24 12:0 a.m. · 4 views

PT-2018-18745 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: An issue in zzcms allows PHP code injection via the siteurl parameter to the "install/index.php" endpoint, enabling the injection of PHP code, such as a phpinfo call, into "/inc/config.php". Recommendations: For...

7.5 CVSS · 7.7 AI score · 0.00456 EPSS
Exploits 1 · References 2

NVD
added 2018/03/18 6:29 a.m. · 19 views

CVE-2018-8756

Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=membercontent&a=init request...

7.2 CVSS · 7.6 AI score · 0.03025 EPSS
Exploits 1 · References 2

Prion
added 2018/03/14 4:29 p.m. · 22 views

Security feature bypass

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...

10 CVSS · 9.6 AI score · 0.32341 EPSS
Exploits 4 · References 3 · Affected Software 2

NVD
added 2018/03/14 4:29 p.m. · 20 views

CVE-2018-5782

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...

10 CVSS · 9.7 AI score · 0.32341 EPSS
Exploits 4 · References 3

Prion
added 2018/03/14 4:29 p.m. · 11 views

Security feature bypass

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could...

10 CVSS · 9.6 AI score · 0.01117 EPSS
Exploits 0 · References 1 · Affected Software 2

Prion
added 2018/03/14 4:29 p.m. · 13 views

Security feature bypass

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...

10 CVSS · 9.6 AI score · 0.01117 EPSS
Exploits 0 · References 1 · Affected Software 2