Code injection

An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if adminallowlangedit is enabled...

PT-2023-30234 · Ispconfig · Ispconfig

Name of the Vulnerable Software and Affected Versions: ISPConfig versions prior to 3.2.11p1 Description: An issue was discovered that allows PHP code injection in the language file editor by an admin if admin allow langedit is enabled. This issue can be exploited to achieve PHP code injection...

CVE-2023-46816

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...

CVE-2023-46815

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

CVE-2023-46816

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...

SugarCRM 13.0.1 Shell Upload

------------------------------------------------------------------------------- SugarCRM = 13.0.1 setnoteattachment Unrestricted File Upload Vulnerability ------------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions:...

SugarCRM 13.0.1 Server-Side Template Injection

---------------------------------------------------------------------------- SugarCRM = 13.0.1 GetControl Server-Side Template Injection Vulnerability ---------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions: Versio...

ISPConfig Security Vulnerability

ISPConfig is a set of Linux-based open source hosting control panel, which allows you to manage multiple servers, open web sites, monitor server operation status, etc. via a web control panel. A security vulnerability exists in ISPConfig versions prior to 3.2.11p1, which stems from the fact that ...

PT-2023-30232 · Sugarcrm · Sugarcrm

Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 12.0.4 SugarCRM versions prior to 13.0.2 Description: A Server Site Template Injection SSTI issue has been identified in the GecControl action, allowing custom PHP code injection via the GetControl action due to...

CVE-2023-46815

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...

CVE-2023-4488

The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi...

HCL Technologies Compass File Upload Vulnerability

HCL Technologies Compass is a low-code change management software from HCL Technologies, USA. Manages the full range of testing activities and integration with developer tools. HCL Technologies Compass suffers from a file upload vulnerability that stems from the application's lack of effective...

CVE-2023-5241

The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcldopenaiuploadpagetrainingfile function. This allows subscriber-level attackers to append "?php" to any existing file on the server resulting in potential DoS when...

The vulnerability of the Sangfor NGAF firewall lies in the lack of protection for service data, allowing attackers to obtain the original PHP code.

The vulnerability of the Sangfor NGAF firewall lies in the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain the original PHP code by sending a specially crafted HTTP request with an invalid Content-Length field...

CVE-2023-43835

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...

Code injection

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...

CVE-2023-43835

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...

CVE-2023-43835

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...

CVE-2023-43835

Summary: CVE-2023-43835 affects Super Store Finder 3.7 and earlier. The issue is an authenticated Arbitrary PHP Code Injection vulnerability that can lead to remote code execution when settings overwrite the content of config.inc.php. What’s affected: Super Store Finder software, versions ≤ 3.7. ...

Exploit for Code Injection in Cisco Telepresence_Video_Communication_Server

I started looking at Cisco Expressway after I noticed quite a fe...