7212 matches found

Vulnrichment
added 2024/03/29 9:31 a.m., 10 views

CVE-2024-3061 HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.2 - Authenticated (Admin+) Local File Inclusion

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and...

CVSS 7.2, AI score 7.8, EPSS 0.00761
Exploits 0, References 2

Cvelist
added 2024/03/29 9:31 a.m., 16 views

CVE-2024-3061 HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.2 - Authenticated (Admin+) Local File Inclusion

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and...

CVSS 7.2, AI score 7.5, EPSS 0.00761
Exploits 0, References 2

CVE
added 2024/03/29 9:31 a.m., 73 views

CVE-2024-3061

The CVE CVE-2024-3061 affects HUSKY – Products Filter Professional for WooCommerce (WordPress) and describes a Local File Inclusion via the type parameter in all versions up to 1.3.5.2. An authenticated attacker with administrator privileges could include and execute arbitrary PHP files on the se...

CVSS 7.2, AI score 9.5, EPSS 0.00761
Exploits 0, References 2, Affected Software 1

OSV
added 2024/03/29 9:15 a.m., 3 views

CVE-2024-2411

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

CVSS 9.8, AI score 7.8, EPSS 0.0154
Exploits 0, References 3

Vulnrichment
added 2024/03/29 8:31 a.m., 14 views

CVE-2024-2411

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

CVSS 9.8, AI score 7.9, EPSS 0.0154
Exploits 0, References 3

Packet Storm
added 2024/03/29 12:0 a.m., 280 views

FoF Pretty Mail 1.1.2 Command Injection

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Command Injection Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty...

AI score 7.4
Exploits 0

CNNVD
added 2024/03/29 12:0 a.m., 12 views

WordPress Plugin MasterStudy LMS Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 9.8, AI score 8.8, EPSS 0.0154
Exploits 0, References 4

WPVulnDB
added 2024/03/29 12:0 a.m., 22 views

HUSKY < 1.3.5.3 - Admin+ Local File Inclusion

Description The plugin is vulnerable to Local File Inclusion via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This c...

CVSS 7.2, AI score 7.7, EPSS 0.00761
Exploits 0, References 1, Affected Software 1

Veracode
added 2024/03/28 7:35 a.m., 21 views

Remote Code Execution (RCE)

johnbillion/wp-crontrol is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of PHP code, which can result in RCE...

CVSS 8.1, AI score 7.5, EPSS 0.00165
Exploits 0, References 7, Affected Software 1

Veracode
added 2024/03/27 6:46 a.m., 13 views

Remote Code Execution

friendsofsymfony1/symfony1 is vulnerable to Remote Code Execution. The vulnerability is due to the ability to abuse the destruct methods in Swift Mailer classes, which can be exploited to execute arbitrary PHP code if a developer unserializes untrusted user input...

CVSS 5, AI score 7.9, EPSS 0.01485
Exploits 1, References 3, Affected Software 1

CVE
added 2024/03/27 1:56 a.m., 63 views

CVE-2024-2203

CVE-2024-2203: The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 5.4.1 via the Clients widget. Authenticated users with contributor-level access and above can include and execute arbitrary PHP files on the server, enablin...

CVSS 8.8, AI score 7.5, EPSS 0.00594
Exploits 0, References 2, Affected Software 1

Packet Storm
added 2024/03/27 12:0 a.m., 626 views

WordPress Bricks Builder Theme 1.9.6 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unauthenticated RCE in Bricks Builder Theme', 'Description' = %q This module exploits an unauthenticated remote code execution vulnerability in t...

AI score 7.4, EPSS 0.87452
Exploits 16

CVE
added 2024/03/25 6:57 p.m., 65 views

CVE-2024-28850

WP Crontrol for WordPress can enable remote code execution if an attacker chains it with another vulnerability (e.g., a writeable SQLi or arbitrary wp_options updates) that grants control over PHP cron event parameters. The issue is not in the feature itself, but in how a pre-condition could allo...

CVSS 8.1, AI score 8.3, EPSS 0.00165
Exploits 0, References 2, Affected Software 1

WPVulnDB
added 2024/03/20 12:0 a.m., 28 views

Premmerce Permalink Manager for WooCommerce < 2.3.11 - Unauthenticated Local File Inclusion

Description The Premmerce Permalink Manager for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.3.10. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...

CVSS 8.3, AI score 8.2, EPSS 0.0146
Exploits 0, References 1, Affected Software 1

OSV
added 2024/03/18 9:15 p.m., 4 views

DEBIAN-CVE-2024-23333

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 6.6, AI score 7.7, EPSS 0.17868
Exploits 0, References 1

OSV
added 2024/03/18 9:15 p.m., 0 views

UBUNTU-CVE-2024-23333

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 7.9, AI score 5.8, EPSS 0.17868
Exploits 0, References 3

Debian CVE
added 2024/03/18 9:7 p.m., 21 views

CVE-2024-23333

LDAP Account Manager LAM is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...

CVSS 7.9, AI score 7.7, EPSS 0.17868
Exploits 0

CNNVD
added 2024/03/18 12:0 a.m., 4 views

LDAP Account Manager Injection Vulnerability

LDAP Account Manager is a web front-end for managing entries e.g. users, groups, DHCP settings stored in LDAP directories. A security vulnerability exists in LDAP Account Manager LAM versions prior to 8.7, which stems from a logging configuration that allows arbitrary paths to be specified for lo...

CVSS 7.9, AI score 7, EPSS 0.17868
Exploits 0, References 4

Positive Technologies
added 2024/03/18 12:0 a.m., 3 views

PT-2024-19815

Name of the Vulnerable Software and Affected Versions LDAP Account Manager LAM versions prior to 8.7 Description LDAP Account Manager LAM is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. An attacker could...

CVSS 7.9, AI score 7.9, EPSS 0.17868
Exploits 0, References 18

Positive Technologies
added 2024/03/13 12:0 a.m., 3 views

PT-2024-2816 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability. Exploitation of this issue may allow a remote attacker to inject PHP code. Recommendations: At the moment, there is no...

CVSS 7.5, AI score 7.1
Exploits 0, References 1