tp5cms Arbitrary File Upload Vulnerability
tp5cms is a content management system (CMS) framework written in the PHP language and based on technologies such as ThinkPHP, swiper and bootstrap. A security vulnerability exists in the admin.php/upload/picture.html page in tp5cms 2017-05-25 and earlier versions. A remote attacker can exploit the...
Design/Logic Flaw
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type...
CVE-2018-19692
An issue was discovered in tp5cms through 2017-05-25. admin.php/upload/picture.html allows remote attackers to execute arbitrary PHP code by uploading a .php file with the image/jpeg content type...
PT-2018-14968 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP versions prior to 1.5.1 Description: The issue allows remote attackers to execute arbitrary PHP code by uploading an image with the image/jpeg content type to the "zb system/admin/index.php?act=UploadMng" API endpoint. This requires...
CVE-2018-19422
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these...
Code injection
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url=...
CVE-2018-19404
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url=...
phpBB 3.2.3: Phar Deserialization to RCE
Impact phpBB is one of the oldest and most popular board software. If an attacker aims to take over a board running phpBB3, he will usually attempt to gain access to the admin control panel by means of bruteforcing, phishing or XSS vulnerabilities in plugins that the target site has installed. Bu...
WordPress Duplicator Plugin < 1.2.42 RCE Vulnerability
An issue was discovered in Snap Creek Duplicator. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution. SPDX-FileCopyrightText: 2018 Greenbone AG Some tex...
OCS Inventory NG ocsreports Shell Upload
Request 1 This request creates a temporary file containing PHP code in the /usr/share/ocsinventory-reports/ocsreports/a.php.a/ directory. POST /ocsreports/index.php?function=telepackage HTTP/1.1 Host: 192.168.5.135 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:61.0 Gecko/20100101...
OCS Inventory NG ocsreports Shell Upload Vulnerability
OCS Inventory NG suffers from an ocsreports authenticated remote code execution vulnerability via a shell upload. OCS Inventory NG ocsreports Shell Upload Request 1 This request creates a temporary file containing PHP code in the /usr/share/ocsinventory-reports/ocsreports/a.php.a/ directory. POST...
CVE-2018-19220
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI...
Code injection
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI...
CVE-2018-19220
LAOBANCMS 2.0 is affected by an arbitrary PHP code execution flaw that can be triggered by the host parameter to the install/ URI. The issue is remote, unauthenticated, and exploitable over the network with the potential for high impact (per CVSSv3.0: CRITICAL, 9.8; Confidentiality/Integrity/Availabi...
Code injection
statics/app/index/controller/Install.php in YUNUCMS 1.1.5, if install.lock is not present, allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DBPREFIX field, which is written to database.php...
Exploit for Improper Authentication in Phpmyadmin
CVE-2018-12613 Local file inclusion bug due to filter bypass u...
CVE-2018-19127
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cachetemplate/.tpl.php file...
CVE-2018-19053
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL generallogfile" statement, followed by a SELECT statement containing this PHP code...
Code injection
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL generallogfile" statement, followed by a SELECT statement containing this PHP code...