7211 matches found
Code injection
An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php...
GHSA-6955-67HM-VJJQ Drupal core arbitrary PHP code execution
Drupal core sanitizes filenames with dangerous extensions upon upload and strips leading and trailing dots from filenames to prevent uploading server configuration files. However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site we...
Drupal core arbitrary PHP code execution
Drupal core sanitizes filenames with dangerous extensions upon upload and strips leading and trailing dots from filenames to prevent uploading server configuration files. However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site we...
Transposh WordPress Translation 1.0.8.1 Remote Code Execution
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Reliance on File Name or Extension of Externally-Supplied File...
Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants
Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. The trio of breaches has led to the theft of more than 50,000 payment card records from these infected...
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
Updated 2022-07-20 19:45 UTC to indicate that this only affects Apache web servers. Drupal core sanitizes filenames with dangerous extensions upon upload reference: SA-CORE-2020-012 and strips leading and trailing dots from filenames to prevent uploading server configuration files reference:...
Remote Code Execution (RCE)
winter/storm is vulnerable to Remote Code Execution. An authenticated attacker with permission to create or modify theme templates with the cms editor can disable the cms.enableSafeMode feature, allowing for the modification of the backend php code through the web interface...
GHSA-Q37H-JHF3-85CJ Bypass of CMS Safe Mode Security Feature
Impact Authenticated users with permissions to create or modify theme template objects through the backend "CMS" editor can exploit this vulnerability to bypass the cms.enableSafeMode security feature if enabled disables modification of PHP code through the web interface when enabled. This is onl...
Bypass of CMS Safe Mode Security Feature
Impact Authenticated users with permissions to create or modify theme template objects through the backend "CMS" editor can exploit this vulnerability to bypass the cms.enableSafeMode security feature if enabled disables modification of PHP code through the web interface when enabled. This is onl...
CVE-2022-32409
A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...
CVE-2022-32409
A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...
Cross site request forgery (csrf)
A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...
CVE-2022-32409
A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...
CVE-2020-19896
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php...
Arbitrary file deletion
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php...
CVE-2020-19896
CVE-2020-19896 affects Minicms v1.9 and is a file inclusion vulnerability that lets remote attackers execute arbitrary PHP code via the file post-edit.php. The NVD metrics indicate a CVSSv3.1 base score of 9.8 (CRITICAL) with network access, low attack complexity, no user interaction, and impacts...
CVE-2020-19896
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php...
MiniCMS 安全漏洞
MiniCMS is to simple personal website content management system. A security vulnerability exists in MiniCMS v1.9. An attacker exploited the vulnerability to execute arbitrary PHP code via late editing...
CVE-2021-41421
A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel...
CVE-2021-41421
A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel...