7223 matches found

Exploit DB
added 2018/03/27 12:00 a.m. · 238 views

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)

TestLink Open Source Test Management 1.9.16 - Remote Code Execution PoC. CVE-2018-7466. Remote exploit for Linux platform Title: TestLink Open Source Test Management= 1.9.16 Remote Code Execution By Manish error1046 Vendor Home Page: http://testlink.org Discovered At: Indishell Lab CVE ID:...

CVSS 7.5 · AI score 7.8 · EPSS 0.06365
Exploits 9
CNVD
added 2018/03/27 12:00 a.m. · 2 views

Creditwest Bank CMS Project Cross-Site Request Forgery Vulnerability

The Creditwest Bank CMS Project aka CWCMS is a content management system CMS. A cross-site request forgery vulnerability exists in the Website Configuration Update feature in Creditwest Bank CMS Project 2017-07-28 and prior releases. A remote attacker can exploit this vulnerability to inject...

CVSS 8.8 · AI score 7.1 · EPSS 0.0058
Exploits 1 · References 1
CNVD
added 2018/03/26 12:00 a.m. · 2 views

ZZCMS 'siteurl' parameter PHP code injection vulnerability

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A security vulnerability exists in ZZCMS version 8.2. The vulnerability can be exploited to inject PHP code by sending 'siteurl' parameter to install/index.php file...

CVSS 7.5 · AI score 7.1 · EPSS 0.01805
Exploits 1 · References 1
Prion
added 2018/03/24 10:29 p.m. · 10 views

Cross site request forgery (csrf)

Creditwest Bank CMS Project aka CWCMS through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...

CVSS 6.8 · AI score 8.7 · EPSS 0.0058
Exploits 1 · References 1 · Affected Software 1
NVD
added 2018/03/24 10:29 p.m. · 16 views

CVE-2018-8972

Creditwest Bank CMS Project aka CWCMS through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...

CVSS 8.8 · AI score 8.8 · EPSS 0.0058
Exploits 1 · References 1
Cvelist
added 2018/03/24 10:00 p.m. · 19 views

CVE-2018-8972

Creditwest Bank CMS Project aka CWCMS through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...

AI score 8.8 · EPSS 0.0058
Exploits 1 · References 1
CVE
added 2018/03/24 10:00 p.m. · 36 views

CVE-2018-8972

Creditwest Bank CMS Project (CWCMS) prior to 2017-07-28 contains a cross-site request forgery (CSRF) vulnerability in the Website Configuration Update feature. This CSRF flaw enables an attacker to inject arbitrary PHP code, demonstrated by a PHP shell that calls eval on request parameters. Affec...

CVSS 8.8 · AI score 8.7 · EPSS 0.0058
Exploits 1 · References 1 · Affected Software 1
Prion
added 2018/03/24 6:29 p.m. · 29 views

Code injection

An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

CVSS 5 · AI score 7.7 · EPSS 0.01805
Exploits 1 · References 1 · Affected Software 1
NVD
added 2018/03/24 6:29 p.m. · 16 views

CVE-2018-8966

An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

CVSS 7.5 · AI score 7.8 · EPSS 0.01805
Exploits 1 · References 1
Cvelist
added 2018/03/24 6:00 p.m. · 17 views

CVE-2018-8966

An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

AI score 7.8 · EPSS 0.01805
Exploits 1 · References 1
Positive Technologies
added 2018/03/24 12:00 a.m. · 5 views

PT-2018-18745 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: An issue in zzcms allows PHP code injection via the siteurl parameter to the "install/index.php" endpoint, enabling the injection of PHP code, such as a phpinfo call, into "/inc/config.php". Recommendations: For...

CVSS 7.5 · AI score 7.7 · EPSS 0.01805
Exploits 1 · References 2
NVD
added 2018/03/18 6:29 a.m. · 21 views

CVE-2018-8756

Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=membercontent&a=init request...

CVSS 7.2 · AI score 7.6 · EPSS 0.03394
Exploits 1 · References 2
Prion
added 2018/03/14 4:29 p.m. · 24 views

Security feature bypass

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...

CVSS 10 · AI score 9.6 · EPSS 0.19715
Exploits 4 · References 3 · Affected Software 2
Prion
added 2018/03/14 4:29 p.m. · 12 views

Security feature bypass

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could...

CVSS 10 · AI score 9.6 · EPSS 0.01763
Exploits 0 · References 1 · Affected Software 2
NVD
added 2018/03/14 4:29 p.m. · 21 views

CVE-2018-5780

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...

CVSS 10 · AI score 9.7 · EPSS 0.01763
Exploits 0 · References 1
NVD
added 2018/03/14 4:29 p.m. · 25 views

CVE-2018-5781

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could...

CVSS 10 · AI score 9.7 · EPSS 0.01763
Exploits 0 · References 1
NVD
added 2018/03/14 4:29 p.m. · 22 views

CVE-2018-5782

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...

CVSS 10 · AI score 9.7 · EPSS 0.19715
Exploits 4 · References 3
Prion
added 2018/03/14 4:29 p.m. · 15 views

Security feature bypass

A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...

CVSS 10 · AI score 9.6 · EPSS 0.01763
Exploits 0 · References 1 · Affected Software 2
CVE
added 2018/03/14 4:00 p.m. · 42 views

CVE-2018-5780

The CVE-2018-5780 issue affects Mitel Connect ONSITE (versions R1711-PREM and earlier) and Mitel ST (14.2 GA28 and earlier), where an unauthenticated attacker could inject PHP code via crafted requests to vnewmeeting.php, enabling arbitrary PHP execution within the application. Connected CNVD/NVD...

CVSS 10 · AI score 9.6 · EPSS 0.01763
Exploits 0 · References 1 · Affected Software 2
CVE
added 2018/03/14 4:00 p.m. · 69 views

CVE-2018-5782

CVE-2018-5782 affects Mitel Connect ONSITE (ShoreTel) ST14.2 and Mitel ST, specifically versions including and prior to GA28. The vulnerability is in the conferencing component and allows an unauthenticated attacker to inject and execute arbitrary PHP code via crafted requests to vsethost.php, re...

CVSS 10 · AI score 9.7 · EPSS 0.19715
Exploits 4 · References 3 · Affected Software 2