7212 matches found

Vulnrichment
added 2024/06/15 2:1 a.m. · 15 views

CVE-2024-3813 tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and...

8.8 CVSS · 7.7 AI score · 0.00657 EPSS
Exploits 0 · References 2
CVE
added 2024/06/15 2:1 a.m. · 56 views

CVE-2024-3813

The CVE-2024-3813 entry affects the WordPress plugin tagDiv Composer (versions up to 4.8). The vulnerability is Local File Inclusion via the td_block_title shortcode’s block_template_id attribute, enabling authenticated attackers with contributor-level permissions to include and execute arbitrary...

8.8 CVSS · 8.9 AI score · 0.00657 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/06/15 2:1 a.m. · 28 views

CVE-2024-3813 tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and...

8.8 CVSS · 0.00657 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/06/15 12:0 a.m. · 4 views

PT-2024-31670 · Yotuwp · The Video Gallery – Youtube Playlist

Name of the Vulnerable Software and Affected Versions: The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress versions up to, and including, 1.3.13 Description: The issue allows authenticated attackers with contributor access or higher to include and execute arbitrar...

8.8 CVSS · 7.9 AI score · 0.00638 EPSS
Exploits 1 · References 6
Cvelist
added 2024/06/14 7:31 a.m. · 33 views

CVE-2024-5577 Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIWHEADER parameter of the /system/include/includeuser.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on external...

9.8 CVSS · 0.00909 EPSS
Exploits 0 · References 2
Metasploit
added 2024/06/13 7:55 p.m. · 563 views

Cacti Import Packages RCE

This exploit module leverages an arbitrary file write vulnerability CVE-2024-25641 in Cacti versions prior to 1.2.27 to achieve RCE. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The modu...

9.1 CVSS · 8.2 AI score · 0.86303 EPSS
Exploits 17
OSV
added 2024/06/12 2:15 p.m. · 2 views

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server including a PHP code file without an authentication. This issue affects MegaBIP software versions through 5.10...

9.8 CVSS · 5.8 AI score · 0.00571 EPSS
Exploits 0 · References 4
NVD
added 2024/06/12 2:15 p.m. · 24 views

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server including a PHP code file without an authentication. This issue affects MegaBIP software versions through 5.10...

9.8 CVSS · 0.00689 EPSS
Exploits 0 · References 4
NVD
added 2024/06/12 2:15 p.m. · 30 views

CVE-2024-1577

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2...

9.8 CVSS · 0.01126 EPSS
Exploits 0 · References 4
Cvelist
added 2024/06/12 1:48 p.m. · 16 views

CVE-2024-1659 Arbitrary File Upload in MegaBIP

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server including a PHP code file without an authentication. This issue affects MegaBIP software versions through 5.10...

9.3 CVSS · 0.00689 EPSS
Exploits 0 · References 4
CVE
added 2024/06/12 1:48 p.m. · 67 views

CVE-2024-1659

CVE-2024-1659 describes an Arbitrary File Upload vulnerability in MegaBIP software, affecting versions up to 5.10. The issue allows an unauthenticated attacker to upload arbitrary files to the server, including PHP code, enabling potential in-server code execution or defacement as implied by the ...

9.8 CVSS · 9.6 AI score · 0.00689 EPSS
Exploits 0 · References 4 · Affected Software 1
Vulnrichment
added 2024/06/12 1:47 p.m. · 14 views

CVE-2024-1577 Remote Code Execution in MegaBIP

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2...

9.3 CVSS · 8.5 AI score · 0.01126 EPSS
Exploits 0 · References 4
CVE
added 2024/06/12 1:47 p.m. · 65 views

CVE-2024-1577

CVE-2024-1577 describes a Remote Code Execution in MegaBIP software, allowing unauthenticated arbitrary code execution by saving attacker-crafted PHP code to a website file. Affected: MegaBIP software versions up to 5.11.2. The connected documents do not provide any further technical details (e.g...

9.8 CVSS · 10 AI score · 0.01126 EPSS
Exploits 0 · References 4 · Affected Software 1
Cvelist
added 2024/06/12 1:47 p.m. · 23 views

CVE-2024-1577 Remote Code Execution in MegaBIP

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2...

9.3 CVSS · 0.01126 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/06/12 12:0 a.m. · 3 views

PT-2024-18206 · Megabip · Megabip

Name of the Vulnerable Software and Affected Versions: MegaBIP software versions through 5.10 Description: The issue allows an attacker to upload any file to the server, including a PHP code file, without authentication. This enables potential execution of malicious code on the server...

9.8 CVSS · 7.1 AI score · 0.00689 EPSS
Exploits 0 · References 7
NVD
added 2024/06/11 3:16 p.m. · 17 views

CVE-2024-37295

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2 CVSS · 0.00607 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/06/11 2:38 p.m. · 10 views

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2 CVSS · 7.5 AI score · 0.00607 EPSS
Exploits 0 · References 1
Cvelist
added 2024/06/11 2:38 p.m. · 24 views

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2 CVSS · 0.00607 EPSS
Exploits 0 · References 1
CVE
added 2024/06/11 2:38 p.m. · 51 views

CVE-2024-37295

CVE-2024-37295 affects the Aimeos core framework. Versions before 2024.04.5 (starting from 2024.01.1) allow an admin to upload files that appear image-like but contain PHP code, which can be executed in the web server context (remote code execution). The issue is fixed in 2024.04.5. CVSS v3.1 bas...

7.2 CVSS · 7.1 AI score · 0.00607 EPSS
Exploits 0 · References 1
OSV
added 2024/06/11 2:38 p.m. · 4 views

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2 CVSS · 7.2 AI score · 0.00607 EPSS
Exploits 0 · References 3