82 matches found
CVE-2023-53952
Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...
EUVD-2006-1663
Malware in sbrugna...
EUVD-2003-1242
Malware in sbrugna...
EUVD-2005-2016
Malware in sbrugna...
EUVD-2005-2541
Malware in sbrugna...
CVE-2020-22201
phpCMS 2008 sp4 allows remote malicious users to execute arbitrary PHP commands via the pagesize parameter to yp/product.php...
VICIdial 2.14-917 Remote Command Execution
VICIdial version 2.14-917 proof of concept remote command execution exploit that takes advantage of a flaw originally found in 2024. Title: VICIdial v...
SUSE CVE-2016-6609
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
WordPress Plugin Weblizar 8.9 - Backdoor
Exploit Title: WordPress Plugin Weblizar 8.9 - Backdoor Google Dork: 'wp-json/am-member/license' Exploit Author: Sobhan Mahmoodi Vendor Homepage: https://weblizar.com/plugins/school-management/ Version: 8.9 Tested on: windows/linux Vulnerable code: addaction 'restapiinit', function...
GHSA-WPWW-HX7X-XFJH phpMyAdmin PHP code injection
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
Remote Code Execution
dolibarr/dolibarr is vulnerable to remote code execution. The vulnerability exists in the doleval function of dolibarr/htdocs/core/lib/functions.lib.php because the strings are not properly sanitized, which allows an attacker to inject and execute crafted malicious PHP commands on the file system...
Command injection
SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user...
CVE-2019-15746
SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user...
Remote Code Execution (RCE)
dolibarr/dolibarr is vulnerable to remote code execution. The application does not restrict the usage of PHP commands and allows for remote attackers to add dynamic PHP code which could lead to execution of arbitrary OS commands...
CVE-2016-6609
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
Design/Logic Flaw
An issue was discovered in phpMyAdmin. A specially crafted database name could be used to run arbitrary PHP commands through the array export feature. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...
DLA-626-1 phpmyadmin - security update
Bulletin has no description...
Updated phpmyadmin packages fix security vulnerability
In phpMyAdmin before 4.4.15.8, the decryption of the username/password is vulnerable to a padding oracle attack. This can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. Also, the same initialization vector (IV) is used to hash the username and...