7223 matches found

Cvelist
added 2017/12/12 6:0 p.m. | 22 views

CVE-2017-17561

SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/admin_ping.php, which interacts with data/admin/ping.php...

AI score: 7.1 | EPSS: 0.01409
Exploits: 4 | References: 2

CVE
added 2017/12/12 6:0 p.m. | 52 views

CVE-2017-17561

SeaCMS 6.56 is affected by an arbitrary PHP code execution vulnerability. Remote authenticated administrators can exploit a crafted token field sent to admin/admin_ping.php (which interacts with data/admin/ping.php) to run arbitrary PHP code on the server. This vulnerability is documented across ...

CVSS: 7.2 | AI score: 7.1 | EPSS: 0.01409
Exploits: 4 | References: 2 | Affected Software: 1

Prion
added 2017/11/28 3:29 p.m. | 14 views

Code injection

The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page...

CVSS: 9 | AI score: 7.2 | EPSS: 0.01938
Exploits: 3 | References: 1 | Affected Software: 1

CNVD
added 2017/11/27 12:0 a.m. | 4 views

LvyeCMS Code Execution Vulnerability

LvyeCMS is a content management system developed by China Lvye Network Technology using ThinkPHP framework and an independent grouping approach. A security vulnerability exists in LvyeCMS 3.1 and earlier versions. The vulnerability can be exploited by a remote attacker to upload and execute...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.02049
Exploits: 1 | References: 1

Prion
added 2017/11/25 5:29 a.m. | 15 views

Design/Logic Flaw

DISPUTED October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file...

CVSS: 6.5 | AI score: 8.7 | EPSS: 0.01559
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2017/11/25 5:29 a.m. | 21 views

CVE-2017-16941

October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.01559
Exploits: 0 | References: 1

OSV
added 2017/11/25 5:29 a.m. | 7 views

CVE-2017-16941

October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a...

CVSS: 8.8 | AI score: 8.8
Exploits: 0 | References: 1

Cvelist
added 2017/11/25 5:0 a.m. | 25 views

CVE-2017-16941

October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a...

AI score: 8.8 | EPSS: 0.01559
Exploits: 0 | References: 1

CNVD
added 2017/11/24 12:0 a.m. | 5 views

EllisLab ExpressionEngine Cross-Site Scripting Vulnerability

EllisLab ExpressionEngine is a content management system (CMS) from the US company EllisLab that provides web publishing, a template engine, attachment components and other modules. A cross-site scripting vulnerability exists in EllisLab ExpressionEngine version 3.4.2. A remote attacke...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.00511
Exploits: 0 | References: 1

CNVD
added 2017/11/21 12:0 a.m. | 3 views

Code execution vulnerability in LvyeCMS StyeController.class.php page

LvyeCms (旅烨cms) is a PHP content management system based on ThinkPHP. A code execution vulnerability exists in the LvyeCMS StyeController.class.php page. An attacker can upload and execute arbitrary PHP code via a directory traversal sequence...

AI score: 8.2
Exploits: 0

NVD
added 2017/11/20 7:29 p.m. | 22 views

CVE-2017-16903

LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.02049
Exploits: 1 | References: 1

Prion
added 2017/11/20 7:29 p.m. | 21 views

Directory traversal

LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.02049
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2017/11/20 7:0 p.m. | 48 views

CVE-2017-16903

Vulnerability summary: LvyeCMS up to version 3.1 is susceptible to remote code execution via directory traversal in the dir parameter combined with inline PHP in the content parameter during a template Style add request to index.php. This yields arbitrary PHP code execution on affected servers. T...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.02049
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2017/11/17 5:29 a.m. | 16 views

Cross site scripting

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...

CVSS: 3.5 | AI score: 5.6 | EPSS: 0.00511
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2017/11/17 5:29 a.m. | 16 views

CVE-2017-1000160

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00511
Exploits: 0 | References: 1

CVE
added 2017/11/17 5:0 a.m. | 45 views

CVE-2017-1000160

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting that results in PHP code injection. Affected product/version is explicitly stated (ExpressionEngine 3.4.2). The impact is described as XSS leading to PHP code execution, with no explicit exploit details, vectors, or affected co...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00511
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2017/11/17 5:0 a.m. | 17 views

CVE-2017-1000160

EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection...

AI score: 5.6 | EPSS: 0.00511
Exploits: 0 | References: 1

NVD
added 2017/11/17 2:29 a.m. | 26 views

CVE-2017-1000196

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.01944
Exploits: 0 | References: 1

Prion
added 2017/11/17 2:29 a.m. | 17 views

Design/Logic Flaw

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server...

CVSS: 7.5 | AI score: 9.6 | EPSS: 0.01944
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2017/11/17 2:29 a.m. | 23 views

CVE-2017-1000196

October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server...

CVSS: 9.8 | AI score: 7.4
Exploits: 0 | References: 1