CVE-2024-13268 Opigno - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-032

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23...

CVE-2024-13268

CVE-2024-13268 describes a vulnerability in the Drupal Opigno module where improper neutralization of directives in statically saved code enables PHP Local File Inclusion. Affected versions are Opigno 7.X-1.0 up to but not including 7.X-1.23. The CVE entry indicates a network-accessible flaw with...

CVE-2024-13267 Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3...

CVE-2024-13267 Opigno TinCan Question Type - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-031

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3...

CVE-2024-13267

The Drupal Opigno TinCan Question Type module (7.X-1.0 through 7.X-1.3) is affected by SA-CONTRIB-2024-031, describing improper neutralization of directives in statically saved code that enables a static code injection vulnerability. This can allow Remote Code Execution (RCE) and/or Cross Site Sc...

CVE-2024-13265 Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2...

CVE-2024-13265

CVE-2024-13265 affects the Opigno Learning Path module used with Drupal. According to the connected documents, the issue is caused by improper neutralization of directives in statically saved code (static code injection), which allows PHP Local File Inclusion and can enable arbitrary code executi...

CVE-2024-13264 Opigno module - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-028

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2...

CVE-2024-13264

The CVE-2024-13264 issue affects the Opigno module used with Drupal, arising from improper neutralization of directives in statically saved code (Static Code Injection) that enables PHP Local File Inclusion. The PT-2024-10353 writeup specifies Opigno versions 0.0.0 through 3.1.2 as vulnerable, wi...

CVE-2024-13263 Opigno group manager - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-027

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1...

CVE-2024-13263

CVE-2024-13263 affects Opigno group manager (versions 0.0.0 up to 3.1.1). The root cause is improper neutralization of directives in statically saved code (static code injection), which can lead to PHP Local File Inclusion. Several connected sources corroborate that this vulnerability enables arb...

CVE-2024-11642

The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locatetemplate' function. This makes it...

CVE-2024-11642 Post Grid Master <= 3.4.12 - Missing Authorization to Unauthenticated Local PHP File Inclusion

The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locatetemplate' function. This makes it...

CVE-2024-11642

CVE-2024-11642 – The WordPress plugin “Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder” is affected by an unauthenticated Local File Inclusion via locate_template in all versions up to 3.4.12. The vulnerabil...

PT-2025-1677 · WordPress · Post Grid Master

Name of the Vulnerable Software and Affected Versions: The Post Grid Master plugin for WordPress versions up to, and including, 3.4.12 Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server, enabling the execution of any PHP code in those file...

CVE-2022-41573

CVE-2022-41573 affects Ovidentia 8.3. The file upload feature does not prevent executable files; a user can upload a PHP-embedded PNG and rename it to .php, making it accessible at an images/common/ URI and enabling remote code execution. The available sources describe the impact (remote code exe...

CVE-2024-12571 Store Locator <= 3.98.10 - Unauthenticated Local File Inclusion

The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'slengine' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

[SECURITY] [DSA 5830-1] smarty4 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5830-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 12, 2024 https://www.debian.org/security/faq -...

CVE-2024-12040 Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'theme'

The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the wcpcsu shortcode. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2024-12040

CVE-2024-12040 : The Product Carousel Slider & Grid Ultimate for WooCommerce (WordPress) is affected by an authenticated Local File Inclusion via the theme attribute in the wcpcsu shortcode, allowing a Contributor+ user to include and execute arbitrary PHP on the server. Impact includes potential...