CVE-2018-16974

An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters for bypassing the...

CVE-2018-16388

e107web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type...

CVE-2018-16388

e107web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type...

Monstra CMS Arbitrary PHP Code Execution Vulnerability (CNVD-2019-03475)

Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. An arbitrary PHP code execution vulnerability exists in Monstra CMS version 3.0.4, which stems from the...

CVE-2018-15886

Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=editsnippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a ?php substring...

Code injection

Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=editsnippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a ?php substring...

CVE-2018-15886

Monstra CMS 3.0.4 is affected by a PHP code execution vulnerability via modified Snippet content, enabling arbitrary PHP code execution (e.g., via selecting admin/snippets edit and appending code after a

CVE-2018-16771

Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php...

CVE-2018-16771

Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php...

Sql injection

Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php...

CVE-2018-16771

Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php...

CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...

Remote code execution

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...

CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...

CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution...

CVE-2018-16763

Summary (CVE-2018-16763) : Fuel CMS version 1.4.1 is vulnerable to a pre-auth Remote Code Execution via PHP code evaluation. The flaw is triggered through unsafe handling of user-controlled data in the pages/select/ filter parameter or the preview/ data parameter, allowing arbitrary PHP execution...

CVE-2018-16763

FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution. Recent assessments: noraj at May 08, 2021 7:33pm UTC reported: Unauthenticated RCE with default config, this is critical. Assessed...

CVE-2018-0658

Input validation issue in EC-CUBE Payment Module 2.12 version 3.5.23 and earlier, EC-CUBE Payment Module 2.11 version 2.3.17 and earlier, GMO-PG Payment Module PG Multi-Payment Service 2.12 version 3.5.23 and earlier, GMO-PG Payment Module PG Multi-Payment Service 2.11 version 2.3.17 and earlier...

CVE-2018-0645

MTAppjQuery 1.8.1 and earlier allows remote PHP code execution via unspecified vectors...

Input validation

Input validation issue in EC-CUBE Payment Module 2.12 version 3.5.23 and earlier, EC-CUBE Payment Module 2.11 version 2.3.17 and earlier, GMO-PG Payment Module PG Multi-Payment Service 2.12 version 3.5.23 and earlier, GMO-PG Payment Module PG Multi-Payment Service 2.11 version 2.3.17 and earlier...