Super Store Finder 3.7 Remote Command Execution

Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote Code Execution Researcher : Etharus Vendor : Joe Iz, https://www.superstorefinder.net/ Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.7 and below Date : 18 September 2023 FOFA Dork :...

Super Store Finder 3.7 Remote Command Execution Vulnerability

Vulnerability : Authenticated Arbitrary PHP Code Injection lead to Remote Code Execution Researcher : Etharus Vendor : Joe Iz, https://www.superstorefinder.net/ Demo Url : https://superstorefinder.net/products/superstorefinder/ Version Affected : 3.7 and below Date : 18 September 2023 FOFA Dork :...

Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload

Description The plugin does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE On a page where there is a form with a Signature field, run the following code in the web developer console while...

Islam CMS 1.0 Code Injection

==================================================================================================================================== | Title : islam cms v1.0 PHP code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 63.0.3 32-bit...

Remote Code Execution (RCE)

craftcms/cms is vulnerable to Remote Code Execution. The vulnerability is due to a lack of file protocol removal in FileHelper.php which allows an attacker to upload and execute malicious PHP code into the system...

ACL - Critical - Arbitrary PHP code execution - SA-CONTRIB-2023-034

The ACL module, short for Access Control Lists, is an API for other modules to create lists of users and give them access to nodes. The module processes user input in a way that could be unsafe. This can lead to Remote Code Execution via Object Injection. As this is an API module, it is only...

Forum Access - Critical - Arbitrary PHP code execution - SA-CONTRIB-2023-035

This module changes your forum administration page to allow you to set forums private. You can control what user roles can view, edit, delete, and post to each forum. You can also give each forum a list of users who have administrative access on that forum AKA moderators. This module requires the...

CVE-2022-48538

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cactildapauth allows a zero as the password...

CVE-2022-48538

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cactildapauth allows a zero as the password...

CVE-2022-48538

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cactildapauth allows a zero as the password...

Authentication flaw

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cactildapauth allows a zero as the password...

CVE-2022-48538

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cactildapauth allows a zero as the password...

CVE-2022-48538

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cactildapauth allows a zero as the password...

CVE-2022-48538

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cactildapauth allows a zero as the password...

Ongoing Xurum Attacks on E-commerce Sites Exploiting Critical Magento 2 Vulnerability

E-commerce sites using Adobe's Magento 2 software are the target of an ongoing campaign that has been active since at least January 2023. The attacks, dubbed Xurum by Akamai, leverage a now-patched critical security flaw CVE-2022-24086, CVSS score: 9.8 in Adobe Commerce and Magento Open Source...

Remote Code Execution (RCE)

nilsteampassnet/teampass is vulnerable to Remote Code Execution RCE. The vulnerability exists due to lack of restrictions of certain input fields which are directly inserted into a tp.config.php which allows an attacker to inject and execute malicious PHP code...

ILIAS eLearning Platform XSS / Remote Code Execution

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple high risk vulnerabilities product: ILIAS eLearning platform vulnerable version: see section "Vulnerable version" below fixed version: see section "Solution" belo...

CVE-2023-36994

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code...

CVE-2023-36992

PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code...

CVE-2023-36994

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code...