
7223 matches found

CNVD
added 2018/01/05 12:0 a.m., 2 views

gps-server.net GPS Tracking Software (self hosted) Remote Code Execution Vulnerability

gps-server.net GPS Tracking Software self hosted is a GPS location tracking program. The program is able to manage tracking history, reports, events, notifications and more. A security vulnerability exists in the 'writeLog' function in the fncommon.php file in gps-server.net GPS Tracking Software...

9.8 CVSS | 7.1 AI score | 0.06642 EPSS
Exploits: 5 | References: 1
OpenVAS
added 2018/01/04 12:0 a.m., 29 views

b2evolution Remote PHP Code Execution Vulnerability

b2evolution is prone to a remote PHP code execution vulnerability.

9.8 CVSS | 9.8 AI score | 0.02388 EPSS
Exploits: 2 | References: 1
NVD
added 2018/01/03 6:29 p.m., 30 views

CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

9.8 CVSS | 8.8 AI score | 0.03124 EPSS
Exploits: 0 | References: 4
UbuntuCve
added 2018/01/03 6:29 p.m., 25 views

CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

9.8 CVSS | 7.2 AI score | 0.03124 EPSS
Exploits: 0 | References: 2
OSV
added 2018/01/03 6:29 p.m., 27 views

CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

9.8 CVSS | 9.9 AI score
Exploits: 0 | References: 4
CVE
added 2018/01/03 6:0 p.m., 88 views

CVE-2017-1000480

Smarty 3.x before 3.1.32 is vulnerable to PHP code injection when fetch() or display() are used on custom resources that do not sanitize the template name. Root cause: unsanitized template-name handling in Smarty’s fetch/display paths can lead to arbitrary code execution in PHP contexts. The CVE ...

9.8 CVSS | 8.6 AI score | 0.03124 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Debian CVE
added 2018/01/03 6:0 p.m., 20 views

CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

9.8 CVSS | 9.8 AI score | 0.03124 EPSS
Exploits: 0
Cvelist
added 2018/01/03 6:0 p.m., 40 views

CVE-2017-1000480

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template name...

8.7 AI score | 0.03124 EPSS
Exploits: 0 | References: 4
Packet Storm
added 2018/01/03 12:0 a.m., 61 views

b2evolution CMS 6.8.10 PHP Code Execution

b2evolution CMS 6.6.0 - 6.8.10 PHP code execution Information =========== Name: b2evolution CMS 6.8.10 Software: b2evolution CMS Homepage: http://b2evolution.net/ Vulnerability: PHP code execution Prerequisites: publicly accessible /install functionality CVE: CVE-2017-1000423 Credit: Anti Räis...

9.2 AI score | 0.02388 EPSS
Exploits: 2
0day.today
added 2018/01/03 12:0 a.m., 167 views

b2evolution CMS 6.8.10 PHP Code Execution Vulnerability

Exploit for php platform in category web applications b2evolution CMS 6.6.0 - 6.8.10 PHP code execution Information =========== Name: b2evolution CMS 6.8.10 Software: b2evolution CMS Homepage: http://b2evolution.net/ Vulnerability: PHP code execution Prerequisites: publicly accessible /install...

7.2 CVSS | 7.1 AI score | 0.02388 EPSS
Exploits: 9
NVD
added 2018/01/02 8:29 p.m., 31 views

CVE-2017-1000423

b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation backslash and single quote escape in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup...

9.8 CVSS | 9.8 AI score | 0.02388 EPSS
Exploits: 2 | References: 2
Prion
added 2018/01/02 8:29 p.m., 19 views

Input validation

b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation backslash and single quote escape in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup...

7.5 CVSS | 9.7 AI score | 0.02388 EPSS
Exploits: 2 | References: 2 | Affected Software: 1
OSV
added 2018/01/02 8:29 p.m., 21 views

CVE-2017-1000423

b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation backslash and single quote escape in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup...

9.8 CVSS | 10 AI score
Exploits: 0 | References: 2
CVE
added 2018/01/02 8:0 p.m., 72 views

CVE-2017-1000423

CVE-2017-1000423 affects b2evolution CMS versions 6.6.0–6.8.10. The root cause is input validation in the basic install functionality (backslash and single quote escape), allowing an unauthenticated attacker to gain PHP code execution on the victim’s setup. Multiple sources corroborate a remote P...

9.8 CVSS | 9.7 AI score | 0.02388 EPSS
Exploits: 2 | References: 2 | Affected Software: 1
Cvelist
added 2018/01/02 8:0 p.m., 29 views

CVE-2017-1000423

b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation backslash and single quote escape in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup...

9.9 AI score | 0.02388 EPSS
Exploits: 2 | References: 2
OSV
added 2018/01/02 5:29 p.m., 3 views

CVE-2017-1000453

CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution...

9.8 CVSS | 5.9 AI score | 0.01806 EPSS
Exploits: 0 | References: 1
NVD
added 2018/01/02 5:29 p.m., 32 views

CVE-2017-1000453

CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution...

9.8 CVSS | 9.9 AI score | 0.01806 EPSS
Exploits: 0 | References: 1
Cvelist
added 2018/01/02 5:0 p.m., 29 views

CVE-2017-1000453

CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution...

9.9 AI score | 0.01806 EPSS
Exploits: 0 | References: 1
CVE
added 2018/01/02 5:0 p.m., 52 views

CVE-2017-1000453

CMS Made Simple versions 2.1.6 and 2.2 are affected by a Smarty templating injection in some core modules, enabling unauthenticated PHP code execution. The vulnerability stems from core module handling of Smarty templates (root cause as described). Impact is unauthenticated code execution with po...

9.8 CVSS | 9.8 AI score | 0.01806 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2018/01/02 3:29 p.m., 24 views

CVE-2017-17098

The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...

9.8 CVSS | 9.3 AI score | 0.06642 EPSS
Exploits: 5 | References: 3