EditorsKit < 1.31.6 - Contributor+ Arbitrary PHP Code Execution

The plugin does not sanitise and validate the Conditional Logic of the Custom Visibility settings, allowing users with a role as low contributor to execute Arbitrary PHP code PoC As a contributor, create/edit a post and put the below code while in Code Editor mode: \n aa \n Save or Preview the...

CVE-2021-40373

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the tabs-information-page of coremainconfig, and then executing that code via the index.php?app=main&inc=corewelcome URI...

CVE-2021-40373

playSMS before 1.4.5 allows Arbitrary Code Execution by entering PHP code at the tabs-information-page of coremainconfig, and then executing that code via the index.php?app=main&inc=corewelcome URI...

CVE-2021-39459

Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code...

Remote code execution

Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code...

Remote code execution

PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...

GHSA-V92M-HHHW-VV9V Code injection in codiad

Codiad Web IDE through 2.8.4 allows PHP Code injection...

CVE-2020-19822

A remote code execution RCE vulnerability in templateuser.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters...

Remote code execution

A remote code execution RCE vulnerability in templateuser.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters...

CVE-2020-19822

A remote code execution RCE vulnerability in templateuser.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters...

D-Link DIR-816 Command Execution Vulnerability (CNVD-2021-67516)

The D-Link DIR-816 is a wireless router from D-Link, Taiwan, China.The D-Link DIR-816 has a security vulnerability that could be exploited by attackers to execute arbitrary php code via the typename parameter...

PT-2021-10414 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZCMS version 2018 Description: A remote code execution issue in the template user.php file allows attackers to execute arbitrary PHP code. This is achieved via the ml and title parameters. Recommendations: For ZZCMS version 2018, consider...

DedeCMS arbitrary PHP code execution vulnerability (CNVD-2021-94947)

DedeCMS Weaving Dream Content Management System is an open source content management system that is simple, robust, flexible, and open source. an arbitrary PHP code execution vulnerability exists in the plus/search.php component of DedeCMS 5.7 SP2. The vulnerability stems from the contents of...

Code injection

The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control...

CVE-2020-18917

The plus/search.php component in DedeCMS 5.7 SP2 allows remote attackers to execute arbitrary PHP code via the typename parameter because the contents of typename.inc are under an attacker's control...

flatCore remote code execution vulnerability

flatCore is a PHP and SQLite based Web Content Management System CMS. flatCore version 2.0.7 is vulnerable to remote code execution. An attacker can exploit the vulnerability to execute arbitrary php code by uploading the addon plugin...

The vulnerability of the File Manager plugin (wp-file-manager) of the WordPress content management system allows a hacker to execute arbitrary PHP code on the target system.

The vulnerability of the File Manager plugin wp-file-manager in the WordPress content management system is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability allows a malicious actor to execute any PHP code on the target system remotely...

CVE-2021-39608

Remote Code Execution RCE vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code...

Remote code execution

Remote Code Execution RCE vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code...

CVE-2021-39608

Remote Code Execution RCE vulnerabilty exists in FlatCore-CMS 2.0.7 via the upload addon plugin, which could let a remote malicious user exeuct arbitrary php code...