PT-2018-18906 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7. Description: The issue allows remote attackers to execute arbitrary PHP code. This is achieved via the egroup parameter to the "/uploads/dede/stepselect_main.php" API endpoint, as code within the database is accessible to...
CVE-2018-8893 · Cross site request forgery (csrf)
Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code...
CVE-2018-8893
Z-BlogPHP 1.5.1 Zero contains a CSRF flaw in plugin_edit.php that can lead to remote arbitrary PHP code execution. Affected component: plugin_edit.php within Z-BlogPHP 1.5.1 Zero. Root cause: cross-site request forgery enabling code execution (as described in CVE-2018-8893). The connected documen...
osCommerce 2.3.4.1 Remote Code Execution
Exploit Title: osCommerce 2.3.4.1 Remote Code Execution Date: 29.0.3.2018 Exploit Author: Simon Scannell - https://scannell-infosec.net Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely to be vulnerable Tested on: Linux, Windows If an Admin has not removed the /install/...
CVE-2018-9134 · Cross site request forgery (csrf)
file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters...
CVE-2018-9134
The CVE-2018-9134 entry describes a CSRF flaw in file_manage_control.php in DedeCMS 5.7 where the fmdo=rename action allows an attacker to rename a file under uploads/userup to a .php file in the web root, enabling PHP code execution. Root cause: CSRF in the rename action; impact: potential remot...
Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit)
Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload', 'Description' = %q...
CVE-2018-8823 · Code injection
modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu Horizontal+Vertical+Dropdown Pro module 1.0.32 for PrestaShop 1.5.5.0 through 1.7.2.5 allows remote attackers to execute arbitrary PHP code via the code parameter...
TestLink Open Source Test Management Code Execution
Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any present in my.cnf i.e chang...
TestLink Open Source Test Management < 1.9.16 - Remote Code Execution Exploit
Exploit for linux platform in category remote exploits Title: TestLink Open Source Test Management comment out skip-networking as well as bind-add...
Cross site request forgery (csrf)
DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code...
CVE-2018-7700
DedeCMS 5.7 (including 5.7SP2) is vulnerable to CSRF that can lead to arbitrary code execution via the partcode parameter in tag_test_action.php (runphp field with PHP code). Exploitation appears in the wild (2025), and remediation is to apply security patches/update to a newer DedeCMS version. A...
TestLink Open Source Test Management 1.9.16 - Remote Code Execution (PoC)
TestLink Open Source Test Management 1.9.16 - Remote Code Execution PoC Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any presen...