104 matches found
CVE-2021-43617
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for...
Cross site scripting
Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, a logged-in admin user can inject a cross-site scripting payload into the collection title. The problem is patched in version 1.6.41. As a workaround, on...
RPCMS has a file upload vulnerability
RPCMS is a lightweight PHP content management system, which can be used as a blog system, corporate website system, etc. RPCMS has a file upload vulnerability that can be exploited by attackers to gain server privileges...
SQL Injection Vulnerability in RPCMS
RPCMS is a lightweight PHP content management system, which can be used as a blogging system and so on. RPCMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
FDCMS File Inclusion Vulnerability
FDCMS is a PHP-based content management system of Sichuan Method Digital Technology Co. A file inclusion vulnerability exists in FDCMS version 4.0. An attacker can exploit this vulnerability to obtain a webshell in the background via Front/lib/Action/FindexAction.class.php...
Command Execution Vulnerability in DHCMS
DHCMS is a content management system based on PHP and MySQL. DHCMS suffers from a command execution vulnerability that can be exploited by an attacker to gain control of the server...
Arbitrary File Deletion Vulnerability in SECMS
SECMS is an open source PHP content management system. SECMS has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete files and cause a system reinstallation...
Arbitrary File Deletion Vulnerability in Catfish CMS
Catfish CMS is an open source and free PHP content management system. An arbitrary file deletion vulnerability exists in the Catfish CMS backend. An attacker can exploit the vulnerability to delete arbitrary files...
Incorrect ACL Check Vulnerability in Joomla!
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. An incorrect ACL checking vulnerability exists in Joomla! 3.0.0 - 3.9.24. An...
XSS Vulnerability in CatfishCMS 5.5.3
Catfish CMS is an open source, free PHP content management system. CatfishCMS V5.5.3 has an XSS vulnerability that can be exploited by attackers to obtain user cookie information...
OIC Exponent CMS Input Validation Error Vulnerability (CNVD-2021-02030)
OIC Exponent CMS is a free, open source, modular content management system (CMS) based on PHP from OIC, USA. The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. An input validation error vulnerability exists in Exponen...
CatfishCMS suffers from a logic flaw vulnerability (CNVD-2020-73469)
CatfishCMS is a PHP content management system that does not require deep expertise, makes it easy to build a site, and is simple to adapt to different needs. CatfishCMS has a logic flaw vulnerability that can be exploited by attackers to obtain sensitive information...
Rukovoditel 2.7.1 - Remote Code Execution (2) (Authenticated)
!/usr/bin/python3 Exploit Title: Rukovoditel 2.7.1 - Remote Code Execution Authenticated Exploit Author: @danyx07 Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: Rukovoditel -p you can provide credentials, load the image with PHP...
Drupal Command Injection Vulnerability
Drupal is an open source content management system developed by the Drupal community using the PHP language. A security vulnerability exists in Drupal versions 8.8.x before 8.8.8, 8.9.x before 8.9.1, and 9.0.x before 9.0.1. An attacker can exploit the vulnerability to execute code with the help o...
PHPCMS suffers from SQL injection vulnerability
PHPCMS uses an independently developed framework built with an object-oriented (OOP) approach. The framework is easy to extend, stable, and has a very high load capacity, and can fully meet the needs of government agencies, educational institutions, institutions, commercial enterprises, individual webmasters...
CVE-2020-10963
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload and consequently Remote Code Execution via admin/tipsimage/image/fileupload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued...
SQL Injection Vulnerability in zzzcms sa***.php Page
zzcms is a PHP and MYSQL based CMS. A SQL injection vulnerability exists in the zzzcms sa.php page, which can be exploited by an attacker to obtain sensitive information from the database...
Creatiwity wityCMS cross-site scripting vulnerability (CNVD-2019-19292)
Creatiwity wityCMS is a lightweight PHP-based content management system (CMS). A cross-site scripting vulnerability exists in the utilisateur menu in Creatiwity wityCMS version 0.6.2. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker ca...