7211 matches found
Input validation
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...
CVE-2023-22952
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...
SugarCRM 输入验证错误漏洞
SugarCRM is an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales representatives. A security...
Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection
---------------------------------------------------------------------------------------------------- Tiki Wiki CMS Groupware input type="...
Membership For WooCommerce < 2.1.7 - Unauthenticated Arbitrary File Upload
The plugin does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE. PoC 1. Install and activate WooCommerce dependency, no setup required 2. Create a local file containing the payload on /tmp/payload.php 3...
Unrestricted Logging Filename Lead to RCE
Description This vulnerability occur because there is no filename restriction for saving logging file. In this case attacker can set the filename to existing php file and append php code on it by manipulating the logged input. Proof of Concept 1. Log in using operator account, in this case i try ...
CVE-2021-24942
The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment...
CVE-2021-24942 Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution
The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment...
CVE-2021-24942
The CVE-2021-24942 issue affects the WordPress plugin Menu Item Visibility Control, versions 0.5 and earlier. The underlying problem is that the plugin does not sanitize and validate the Visibility logic option for WordPress menu items, which can allow highly privileged users (Admin+) to execute ...
SeaCMS 代码注入漏洞
SeaCMS is a free and open source web content management system written in PHP. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 11.4. An attacker can exploit the vulnerability to execute arbitrary php code via the notify1...
CVE-2021-39426
CVE-2021-39426 affects SeaCMS Seacms 11.4. The vulnerability exists in /Upload/admin/admin_notify.php where an attacker can execute arbitrary PHP code via the notify1 parameter when action equals set. The issue has a CVSS v3.1 base score of 9.8 (CRITICAL) with NETWORK attack vector, no privileges...
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
Problem Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it was possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular...
TYPO3 8.0.0 < 8.7.49 ELTS / 9.0.0 < 9.5.38 ELTS / 10.0.0 < 10.4.33 / 11.0.0 < 11.5.20 / 12.0.0 < 12.1.1 (TYPO3-CORE-SA-2022-015)
The version of TYPO3 installed on the remote host is prior to 8.0.0 8.7.49 ELTS / 9.0.0 9.5.38 ELTS / 10.0.0 10.4.33 / 11.0.0 11.5.20 / 12.0.0 12.1.1. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2022-015 advisory. - Due to the lack of separating user-submitted...
Akeneo PIM Community Edition vulnerable to remote php code execution
Impact Akeneo PIM Community Edition versions before v5.0.119 and v6.0.53 allows remote authenticated users to execute arbitrary PHP code on the server by uploading a crafted image. Patches Akeneo PIM Community Edition after the versions aforementioned provides patched Apache HTTP server...
Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution
The plugin doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. PoC 1. As an admin, go to "Appearance - Menus" and create a menu with some items of your choice...
Menu Item Visibility Control <= 0.5 - Admin+ Arbitrary PHP Code Execution
The plugin doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. 1. As an admin, go to "Appearance - Menus" and create a menu with some items of your choice. 2. ...
CVE-2021-43258
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores...
CVE-2021-43258
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores...
Remote code execution
CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores...
CVE-2021-43258
CVE-2021-43258 affects ChurchInfo 1.3.0 CartView.php, enabling remote code execution via insecure uploads. An authenticated user can attach files to a draft email; attachments are saved to /tmp_attach/ and may be retrieved via HTTP, with PHP files potentially executed on the server. Public exploi...