PT-2024-20120 · Livemesh · Elementor Addons

Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.7 Description: The issue allows authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server throug...

CVE-2024-4098 Shariff Wrapper <= 4.6.13 - Unauthenticated Local File Inclusion

The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uufetchsharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

Cacti Import Packages RCE

This exploit module leverages an arbitrary file write vulnerability CVE-2024-25641 in Cacti versions prior to 1.2.27 to achieve RCE. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The modu...

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows attacker to upload any file to the server including a PHP code file without an authentication. This issue affects MegaBIP software versions through 5.10...

CVE-2024-1659

CVE-2024-1659 describes an Arbitrary File Upload vulnerability in MegaBIP software, affecting versions up to 5.10. The issue allows an unauthenticated attacker to upload arbitrary files to the server, including PHP code, enabling potential in-server code execution or defacement as implied by the ...

CVE-2024-1577 Remote Code Execution in MegaBIP

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2...

CVE-2024-1577

CVE-2024-1577 describes a Remote Code Execution in MegaBIP software, allowing unauthenticated arbitrary code execution by saving attacker-crafted PHP code to a website file. Affected: MegaBIP software versions up to 5.11.2. The connected documents do not provide any further technical details (e.g...

CVE-2024-1577 Remote Code Execution in MegaBIP

Remote Code Execution vulnerability in MegaBIP software allows to execute arbitrary code on the server without requiring authentication by saving crafted by the attacker PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2...

CVE-2024-37295

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

CVE-2024-37295

CVE-2024-37295 affects the Aimeos core framework. Versions before 2024.04.5 (starting from 2024.01.1) allow an admin to upload files that appear image-like but contain PHP code, which can be executed in the web server context (remote code execution). The issue is fixed in 2024.04.5. CVSS v3.1 bas...

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

CVE-2024-4620

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...

CVE-2024-4620 ArForms < 6.6 - Unauthenticated RCE

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...

CVE-2024-30162

Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\toolbar::addPlugin method. This method handles uploaded ZIP files that are extracted into the...

GHSA-RHC2-23C2-WW7C Remote code execution in web server context

Impact User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server...

Remote code execution in web server context

Impact User with administrative privileges and upload files that look like images but contain PHP code which can then be executed in the context of the web server...

Cowidgets – Elementor Addons <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion

Description The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'itemstyle' and 'style' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include a...

Duplicate

This advisory duplicates another...