7211 matches found

NVD
added 2022/10/27 9:15 p.m. · 24 views

CVE-2022-3387

Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files...

CVSS 6.5 · EPSS 0.1398
Exploits: 0 · References: 1

Cvelist
added 2022/10/27 8:47 p.m. · 25 views

CVE-2022-3387

Advantech R-SeeNet Versions 2.4.19 and prior are vulnerable to path traversal attacks. An unauthorized attacker could remotely exploit vulnerable PHP code to delete .PDF files...

CVSS 6.5 · AI score 6.8 · EPSS 0.1398
Exploits: 0 · References: 1

Prion
added 2022/10/18 2:15 p.m. · 12 views

Privilege escalation

An arbitrary file upload vulnerability in the component /phpaction/editProductImage.php of Billing System Project v1.0 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 5.8 · AI score 7.3 · EPSS 0.01034
Exploits: 1 · References: 1 · Affected Software: 1

Veracode
added 2022/10/14 2:17 a.m. · 23 views

Deserialization Of Untrusted Data

melisplatform/melis-front is vulnerable to deserialization of untrusted data. The vulnerability exists in multiple functions because of adding allowed_classes=false param to the unserialize function which allows an attacker to execute arbitrary PHP code on the system...

CVSS 9.8 · AI score 9.4 · EPSS 0.0094
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2022/10/13 10:15 p.m. · 34 views

CVE-2022-35944

October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin pan...

CVSS 7.2 · EPSS 0.00864
Exploits: 0 · References: 1

NVD
added 2022/10/12 11:15 p.m. · 11 views

CVE-2022-39298

MelisFront is the engine that displays websites hosted on Melis Platform. It deals with showing pages, plugins, URL rewriting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, ultimately leading to the execution of...

CVSS 9.8 · EPSS 0.0094
Exploits: 0 · References: 2

NVD
added 2022/10/12 11:15 p.m. · 8 views

CVE-2022-39297

MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, ultimately leading to the execution of arbitrary PHP code on the...

CVSS 9.8 · EPSS 0.0094
Exploits: 0 · References: 2

Prion
added 2022/10/12 11:15 p.m. · 16 views

Authentication flaw

MelisFront is the engine that displays websites hosted on Melis Platform. It deals with showing pages, plugins, URL rewriting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, ultimately leading to the execution of...

CVSS 7.5 · AI score 9.4 · EPSS 0.0094
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2022/10/12 12:00 a.m. · 17 views

CVE-2022-39298 Deserialization of untrusted data in MelisFront

MelisFront is the engine that displays websites hosted on Melis Platform. It deals with showing pages, plugins, URL rewriting, search optimization and SEO, etc. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, ultimately leading to the execution of...

CVSS 7.7 · AI score 9.7 · EPSS 0.0094
Exploits: 0 · References: 2

Cvelist
added 2022/10/12 12:00 a.m. · 16 views

CVE-2022-39297 Deserialization of untrusted data in MelisCms

MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, ultimately leading to the execution of arbitrary PHP code on the...

CVSS 7.7 · AI score 9.7 · EPSS 0.0094
Exploits: 0 · References: 2

CVE
added 2022/10/12 12:00 a.m. · 98 views

CVE-2022-39297

CVE-2022-39297 affects melisplatform/melis-cms prior to 5.0.1. The issue is a deserialization vulnerability that allows an attacker to deserialize untrusted data, ultimately executing arbitrary PHP code on the system without authentication. The root cause is improper handling of user-controlled d...

CVSS 9.8 · AI score 8.8 · EPSS 0.0094
Exploits: 0 · References: 2 · Affected Software: 1

CVE
added 2022/10/12 12:00 a.m. · 112 views

CVE-2022-39298

MelisFront (melis-front) on Melis Platform contains a deserialization of untrusted data vulnerability that enables arbitrary PHP code execution. The issue affects affected versions of melisplatform/melis-front and can be exploited without authentication. The root cause is deserializing user-contr...

CVSS 9.8 · AI score 8.8 · EPSS 0.0094
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2022/10/12 12:00 a.m. · 28 views

CVE-2022-39297 Deserialization of untrusted data in MelisCms

MelisCms provides a full CMS for Melis Platform, including templating system, drag'n'drop of plugins, SEO and many administration tools. Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, ultimately leading to the execution of arbitrary PHP code on the...

CVSS 7.7 · AI score 9.3 · EPSS 0.0094
Exploits: 0 · References: 4

Github Security Blog
added 2022/10/11 8:45 p.m. · 24 views

melisplatform/melis-cms vulnerable to deserialization of untrusted data

Impact: Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-cms, ultimately leading to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to melisplatform/melis-cms = 5.0.1...

CVSS 9.8 · AI score 9.3 · EPSS 0.0094
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2022/10/11 8:45 p.m. · 19 views

GHSA-H479-2MV4-5C26 melisplatform/melis-front vulnerable to deserialization of untrusted data

Impact: Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, ultimately leading to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to melisplatform/melis-front =...

CVSS 7.7 · AI score 8.8 · EPSS 0.0094
Exploits: 0 · References: 4

Github Security Blog
added 2022/10/11 8:45 p.m. · 19 views

melisplatform/melis-front vulnerable to deserialization of untrusted data

Impact: Attackers can deserialize arbitrary data on affected versions of melisplatform/melis-front, ultimately leading to the execution of arbitrary PHP code on the system. Conducting this attack does not require authentication. Users should immediately upgrade to melisplatform/melis-front =...

CVSS 9.8 · AI score 9.3 · EPSS 0.0094
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2022/10/11 12:00 a.m. · 3 views

PT-2022-24879 · Melisplatform · Melis-Cms

Name of the Vulnerable Software and Affected Versions: melisplatform/melis-cms versions prior to 5.0.1 Description: The issue allows attackers to deserialize arbitrary data on affected versions of melisplatform/melis-cms, leading to the execution of arbitrary PHP code on the system. This attack...

CVSS 9.8 · AI score 9.4 · EPSS 0.0094
Exploits: 0 · References: 10

Fedora
added 2022/10/07 3:56 p.m. · 16 views

[SECURITY] Fedora 36 Update: php-twig3-3.4.3-1.fc36

The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...

AI score 3.2
Exploits: 0

Positive Technologies
added 2022/09/26 12:00 a.m. · 4 views

PT-2022-9492 · WordPress · Scripts Organizer

Name of the Vulnerable Software and Affected Versions: Scripts Organizer WordPress plugin versions prior to 3.0 Description: The issue concerns the lack of capability and CSRF checks in the saveScript AJAX action, which is accessible to both unauthenticated and authenticated users. Additionally,...

CVSS 8.8 · AI score 8.6 · EPSS 0.00457
Exploits: 2 · References: 4

Prion
added 2022/09/22 10:15 p.m. · 14 views

Design/Logic Flaw

Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 7.5 · AI score 9.7 · EPSS 0.01323
Exploits: 1 · References: 3 · Affected Software: 1