7207 matches found
CVE-2018-5749
install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary PHP code via the (1) databaseserver, (2)...
Mambo < 4.5.4 - SQL Injection Vulnerability
Exploit for php platform in category web applications Mambo SQL Injection Vendor: Miro International Pty Ltd Product: Mambo Version: = 4.5.4 Website: http://www.mamboserver.com/ BID: 20366 OSVDB: 50002 Description: Mambo is a popular Open Source Content Management System released under the GNU...
PHP Code Execution Vulnerability in JCCMS of Chengdu Torch Cheng Information Technology Co.
JCCMS is a website building system developed by Chengdu Torch Cheng Information Technology Co. JCCMS has a code execution vulnerability that can be exploited by attackers to execute arbitrary PHP code...
Samsung SRN-1670D Web Viewer 1.0.0.193 Arbitrary File Read / Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest' class MetasploitModule 'Samsung SRN-1670D Web Viewer Version 1.0.0.193 Arbitrary File Read and Upload', 'Description' = %q This module exploits an...
gps-server.net GPS Tracking Software (self hosted) Remote Code Execution Vulnerability
gps-server.net GPS Tracking Software self hosted is a GPS location tracking program. The program is able to manage tracking history, reports, events, notifications and more. A security vulnerability exists in the 'writeLog' function in the fncommon.php file in gps-server.net GPS Tracking Software...
b2evolution Remote PHP Code Execution Vulnerability
b2evolution is prone to a remote PHP code execution vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2017-1000480
Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...
CVE-2017-1000480
Smarty 3.x before 3.1.32 is vulnerable to PHP code injection when fetch() or display() are used on custom resources that do not sanitize the template name. Root cause: unsanitized template-name handling in Smarty’s fetch/display paths can lead to arbitrary code execution in PHP contexts. The CVE ...
b2evolution CMS 6.8.10 PHP Code Execution
b2evolution CMS 6.6.0 - 6.8.10 PHP code execution Information =========== Name: b2evolution CMS 6.8.10 Software: b2evolution CMS Homepage: http://b2evolution.net/ Vulnerability: PHP code execution Prerequisites: publicly accessible /install functionality CVE: CVE-2017-1000423 Credit: Anti Räis...
b2evolution CMS 6.8.10 PHP Code Execution Vulnerability
Exploit for php platform in category web applications b2evolution CMS 6.6.0 - 6.8.10 PHP code execution Information =========== Name: b2evolution CMS 6.8.10 Software: b2evolution CMS Homepage: http://b2evolution.net/ Vulnerability: PHP code execution Prerequisites: publicly accessible /install...
CVE-2017-1000423
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation backslash and single quote escape in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup...
Input validation
b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation backslash and single quote escape in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup...
CVE-2017-1000423
CVE-2017-1000423 affects b2evolution CMS versions 6.6.0–6.8.10. The root cause is input validation in the basic install functionality (backslash and single quote escape), allowing an unauthenticated attacker to gain PHP code execution on the victim’s setup. Multiple sources corroborate a remote P...
CVE-2017-1000453
CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution...