7212 matches found

OSV
added 2024/05/30 12:21 a.m. · 16 views

GHSA-WFV7-5X33-V22H Code injection in the way Symfony implements translation caching in FrameworkBundle

When investigating issue 11093, Jeremy Derussé found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. - Your Symfony application is vulnerable if you meet the following conditions: - You are using the Symfony translation system from...

7.5 CVSS · 6.5 AI score · 0.0078 EPSS
Exploits 0 · References 4

Github Security Blog
added 2024/05/30 12:21 a.m. · 26 views

Code injection in the way Symfony implements translation caching in FrameworkBundle

When investigating issue 11093, Jeremy Derussé found a serious code injection issue in the way Symfony implements translation caching in FrameworkBundle. - Your Symfony application is vulnerable if you meet the following conditions: - You are using the Symfony translation system from...

7.1 AI score · 0.0078 EPSS
Exploits 0 · References 5 · Affected Software 2

OSV
added 2024/05/28 9:16 p.m. · 0 views

UBUNTU-CVE-2024-35226

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...

7.3 CVSS · 5.9 AI score · 0.00507 EPSS
Exploits 0 · References 7

Vulnrichment
added 2024/05/28 8:55 p.m. · 22 views

CVE-2024-35226 PHP Code Injection by malicious attribute in extends-tag in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...

7.3 CVSS · 7.2 AI score · 0.00507 EPSS
Exploits 0 · References 2

GithubExploit
added 2024/05/27 3:10 p.m. · 512 views

Exploit for OS Command Injection in Dolibarr Dolibarr_Erp/Crm

POC exploit for Dolibarr example: python3 exploit.py http...

8.8 CVSS · 8.9 AI score · 0.79195 EPSS
Exploits 16

OSV
added 2024/05/27 1:15 p.m. · 2 views

CVE-2024-5407

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure...

9.8 CVSS · 5.9 AI score · 0.00604 EPSS
Exploits 0 · References 2

NVD
added 2024/05/27 1:15 p.m. · 14 views

CVE-2024-5407

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure...

10 CVSS · 9.7 AI score · 0.00604 EPSS
Exploits 0 · References 2

CVE
added 2024/05/27 12:13 p.m. · 85 views

CVE-2024-5407

CVE-2024-5407 affects RhinOS 3.0-1190. A PHP code injection via the search parameter in /portal/search.htm is described, enabling a remote attacker to run a reverse shell and thereby compromise the entire infrastructure. Concrete details from connected sources specify the vulnerable component (Rh...

10 CVSS · 9.7 AI score · 0.00604 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/05/27 12:13 p.m. · 13 views

CVE-2024-5407 Code Injection vulnerability in RhinOS from SaltOS

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure...

10 CVSS · 7.4 AI score · 0.00604 EPSS
Exploits 0 · References 2

Cvelist
added 2024/05/27 12:13 p.m. · 38 views

CVE-2024-5407 Code Injection vulnerability in RhinOS from SaltOS

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure...

10 CVSS · 9.7 AI score · 0.00604 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/05/27 12:0 a.m. · 5 views

PT-2024-36021 · Rhinos · Rhinos

Name of the Vulnerable Software and Affected Versions: RhinOS versions 3.0-1190 Description: A vulnerability could allow PHP code injection through the "search" parameter in /portal/search.htm, enabling a remote attacker to perform a reverse shell on the remote system and compromise the entire...

10 CVSS · 7.1 AI score · 0.00604 EPSS
Exploits 0 · References 5

NVD
added 2024/05/22 8:15 a.m. · 34 views

CVE-2024-5147

The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'gridstyle' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...

9.8 CVSS · 9.9 AI score · 0.01005 EPSS
Exploits 0 · References 4

Vulnrichment
added 2024/05/22 7:37 a.m. · 19 views

CVE-2024-5147 WPZOOM Addons for Elementor (Templates, Widgets) <= 1.1.37 - Unauthenticated Local File Inclusion

The WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.37 via the 'gridstyle' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server,...

9.8 CVSS · 7.9 AI score · 0.01005 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/05/22 12:0 a.m. · 6 views

PT-2024-34642 · Wpzoom · Wpzoom Addons For Elementor

Name of the Vulnerable Software and Affected Versions: WPZOOM Addons for Elementor Templates, Widgets plugin for WordPress versions up to, and including, 1.1.37 Description: The issue allows unauthenticated attackers to include and execute arbitrary files on the server via the grid style paramete...

9.8 CVSS · 8.2 AI score · 0.01005 EPSS
Exploits 0 · References 11

NVD
added 2024/05/18 6:15 a.m. · 25 views

CVE-2024-3812

The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectaricon' shortcode 'iconlinea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

7.5 CVSS · 7.8 AI score · 0.00632 EPSS
Exploits 0 · References 2

NVD
added 2024/05/18 6:15 a.m. · 11 views

CVE-2024-3810

The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

8.8 CVSS · 8.9 AI score · 0.00619 EPSS
Exploits 0 · References 2

Cvelist
added 2024/05/18 5:40 a.m. · 30 views

CVE-2024-3810 Salient Shortcodes <= 1.5.3 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...

8.8 CVSS · 8.9 AI score · 0.00619 EPSS
Exploits 0 · References 2

CVE
added 2024/05/18 5:40 a.m. · 58 views

CVE-2024-3810

CVE-2024-3810: The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.5.3 via the icon/image attribute used in shortcodes. Authenticated attackers with contributor-level permissions or higher can include and execute arbitrary PHP f...

8.8 CVSS · 7.5 AI score · 0.00619 EPSS
Exploits 0 · References 2

Vulnrichment
added 2024/05/17 6:30 a.m. · 14 views

CVE-2023-23645 WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection. This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2...

9.9 CVSS · 7.1 AI score · 0.00942 EPSS
Exploits 0 · References 1

Vulnrichment
added 2024/05/17 2:3 a.m. · 13 views

CVE-2024-3551 Penci Soledad Data Migrator <= 1.3.0 - Unauthenticated Local File Inclusion

The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any...

9.8 CVSS · 7.9 AI score · 0.00689 EPSS
Exploits 0 · References 2