7221 matches found
Code injection
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension such as .jpg and then invoking the duplicate function to change to the .php extension...
CVE-2017-7570
PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension such as .jpg and then invoking the duplicate function to change to the .php extension...
CVE-2017-7447
HelpDEZk 1.1.1 has CSRF in admin/home/logos/ with an impact of remote execution of arbitrary PHP code...
Code injection
HelpDEZk 1.1.1 has CSRF in admin/home/logos/ with an impact of remote execution of arbitrary PHP code...
CVE-2017-7447
CVE-2017-7447 affects HelpDEZk 1.1.1, with CSRF in the admin path (admin/home#/logos/) that can lead to remote execution of arbitrary PHP code. The vulnerability is documented across multiple sources (NVD/NVD-linked records, CNVD, CVE listings, and exploitation records), and exploit references in...
Design/Logic Flaw
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg...
CVE-2017-7402
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg...
CVE-2017-7321
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the configkey parameter to the setup/index.php?action=welcome URI...
Code injection
setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the configkey parameter to the setup/index.php?action=welcome URI...
Code injection
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the corepath parameter...
CVE-2017-7324
setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the corepath parameter...
[CVE-2017-2641] Moodle remote code execution vulnerability - vulnerability warning - the black bar safety net
0x01 Overview. The vulnerability CVE-2017-2641 allows an attacker to execute PHP code on a server running a vulnerable Moodle. This vulnerability is actually composed of many small flaws, as the article said. Moodle is a very popular learning management system, deployed around the world in many...
Code injection
PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to "serialized data and the last part of the concatenated filename," which creates a file in webroot...
MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection Exploit
Exploit for multiple platforms in category web applications. This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. require 'msf/core' class MetasploitModule 'MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability',...
Ganglia Web < 3.5.1 PHP Code Execution Vulnerability
Ganglia Web is prone to a PHP code execution vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:ganglia:ganglia-web";...
WordPress VaultPress 1.8.4 Remote Code Execution / Man-In-The-Middle Vulnerabilities
Exploit for php platform in category web applications. VaultPress - Remote Code Execution via Man in The Middle attack. David Vaartjes, July 2016...