Lucene search

421 matches found

OSV · added 2024/03/27 3:15 a.m. · 1 view

CVE-2024-2203

The The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Clients widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on t...

CVSS 8.8 · AI score 6.3 · EPSS 0.00354 · Exploits 0 · References 2
Positive Technologies · added 2024/03/26 12:00 a.m. · 2 views

PT-2024-19164 · WordPress · The Plus Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor plugin for WordPress versions up to, and including, 5.4.1 Description: The issue allows authenticated attackers with contributor-level access and above to include and execute arbitrary files on the server via the...

CVSS 8.8 · AI score 9.8 · EPSS 0.00354 · Exploits 0 · References 5
OSV · added 2024/03/07 9:15 a.m. · 1 view

CVE-2024-1382

The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the ndrstlayout attribute of the ndrstsearch shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and...

CVSS 8.8 · AI score 7.8 · EPSS 0.00952 · Exploits 0 · References 3
Cvelist · added 2024/03/07 8:34 a.m. · 15 views

CVE-2024-1382 Restaurant Reservations <= 1.9 - Directory Traversal to Authenticated (Contributor+) Local File Inclusion

The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the ndrstlayout attribute of the ndrstsearch shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and...

CVSS 8.8 · AI score 9.1 · EPSS 0.00952 · Exploits 0 · References 3
NVD · added 2024/02/05 10:15 p.m. · 7 views

CVE-2023-6989

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attackers to include and execute PHP...

CVSS 9.8 · AI score 9.6 · EPSS 0.67335 · Exploits 0 · References 2
OSV · added 2024/02/05 10:15 p.m. · 3 views

CVE-2023-6989

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attackers to include and execute PHP...

CVSS 9.8 · AI score 7.5 · EPSS 0.67335 · Exploits 0 · References 2
ATTACKERKB · added 2024/02/05 10:15 p.m. · 1 view

CVE-2023-6989

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attackers to include and execute PHP...

CVSS 9.8 · AI score 5.9 · EPSS 0.67335 · Exploits 0 · References 4
GithubExploit · added 2024/01/26 9:35 a.m. · 340 views

Exploit for CVE-2023-47400

CVE-2023-47400 Proof of Concept for the CVE-2023-47400 Aut...

AI score 8.9 · Exploits 1
OSV · added 2023/12/15 9:15 a.m. · 2 views

CVE-2023-48382

Softnext Mail SQR Expert is an email management platform; it has a Local File Inclusion (LFI) vulnerability in a mail delivery-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access...

CVSS 6.5 · AI score 6 · Exploits 0 · References 1
NVD · added 2023/12/01 10:15 p.m. · 11 views

CVE-2023-44382

October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...

CVSS 9.1 · EPSS 0.00246 · Exploits 0 · References 1
Cvelist · added 2023/12/01 9:48 p.m. · 17 views

CVE-2023-44382 October CMS safe mode bypass using Twig sandbox escape

October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...

CVSS 9.1 · AI score 9.6 · EPSS 0.00246 · Exploits 0 · References 1
CNNVD · added 2023/12/01 12:00 a.m. · 3 views

October Code Injection Vulnerability

October is an open source Content Management System (CMS) and web platform from October. October suffers from a code injection vulnerability, which originates from the use of "editor.cmspages", "editor.cmslayouts" or "editor.cmspartials" with "cms.safemode" enabled. editor.cmspages",...

CVSS 9.1 · AI score 7.9 · EPSS 0.00246 · Exploits 0 · References 1
OSV · added 2023/11/29 9:33 p.m. · 12 views

GHSA-P8Q3-H652-65VX October CMS safe mode bypass using Twig sandbox escape

Impact: An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.safemode being enabled can write specific Twig code to escape the Twig sandbox and execu...

CVSS 9.1 · AI score 9.5 · EPSS 0.00246 · Exploits 0 · References 3
OSV · added 2023/11/29 9:33 p.m. · 10 views

GHSA-Q22J-5R3G-9HMH October CMS safe mode bypass using Page template injection

Impact: An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.safemode being enabled can craft a special request to include PHP code in the CMS...

CVSS 4.9 · AI score 5.4 · EPSS 0.00175 · Exploits 0 · References 3
Github Security Blog · added 2023/11/29 9:33 p.m. · 30 views

October CMS safe mode bypass using Page template injection

Impact: An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.safemode being enabled can craft a special request to include PHP code in the CMS...

CVSS 4.9 · AI score 7.5 · EPSS 0.00175 · Exploits 0 · References 3 · Affected Software 1
Positive Technologies · added 2023/11/29 12:00 a.m. · 3 views

PT-2023-29217 · October · October

Name of the Vulnerable Software and Affected Versions: October versions prior to 3.4.15 Description: The issue allows an authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions to write specific Twig code and execute arbitrary PHP, despite...

CVSS 9.1 · AI score 9.3 · EPSS 0.00246 · Exploits 0 · References 8
OSV · added 2023/11/02 2:15 p.m. · 1 view

UBUNTU-CVE-2023-42802

GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PH...

CVSS 10 · AI score 5.8 · EPSS 0.06157 · Exploits 0 · References 3
Vulnrichment · added 2023/10/31 11:29 a.m. · 2 views

CVE-2023-5099 HTML filter and csv-file search <= 2.7 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute...

CVSS 8.8 · AI score 7.8 · EPSS 0.00227 · Exploits 0 · References 2
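The WordPress entries above (CVE-2024-2203, CVE-2024-1382, CVE-2023-5099) all describe one bug class: a value a contributor controls (a shortcode attribute or widget setting) flows into a PHP include, so a directory-traversal string turns a "pick a template" option into execution of an arbitrary file on the server. The PHP below is an added example, not code from any of those plugins or from the advisories; it shows the vulnerable shape beside a hardened one. The shortcode name demo_layout, the attribute name layout, the layouts/ directory and the fixture files are all assumptions made for the illustration.

```php
<?php
// Added example (not code from any plugin or advisory listed above): the
// "Contributor+ Local File Inclusion via a shortcode attribute" pattern, in a
// vulnerable shape and in a hardened shape. The shortcode name demo_layout,
// the attribute name `layout` and the layouts/ directory are assumptions.
//
// In a plugin the handler would be registered with
//   add_shortcode('demo_layout', 'demo_layout_hardened');
// Both are plain functions here so the file runs under the PHP CLI without WordPress.

// Vulnerable shape: the attribute value is spliced into the include path.
// Contributors may place shortcodes in posts, so they control $atts['layout'];
// [demo_layout layout="../secret"] walks out of layouts/ and whatever PHP file
// the path resolves to (an uploaded file, wp-config.php, ...) is executed.
function demo_layout_vulnerable(array $atts, string $base_dir): string
{
    $layout = $atts['layout'] ?? 'default';
    ob_start();
    include $base_dir . '/layouts/' . $layout . '.php';
    return (string) ob_get_clean();
}

// Hardened shape: allow-list the attribute, then confirm the resolved file still
// lives inside layouts/ before including it (defence in depth if the list grows).
function demo_layout_hardened(array $atts, string $base_dir): string
{
    $allowed = ['default', 'grid', 'list'];
    $layout  = $atts['layout'] ?? 'default';
    if (!in_array($layout, $allowed, true)) {
        return '';                                   // not an approved layout name
    }
    $root = realpath($base_dir . '/layouts');
    $file = $root === false ? false : realpath($root . '/' . $layout . '.php');
    if ($file === false
        || strncmp($file, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return '';                                   // resolved path escaped layouts/
    }
    ob_start();
    include $file;
    return (string) ob_get_clean();
}

// Constructed fixture: a throwaway plugin tree with one legitimate layout and a
// PHP file outside layouts/ standing in for an attacker-supplied file.
function demo_fixture(): string
{
    $base = sys_get_temp_dir() . '/lfi-demo-' . bin2hex(random_bytes(4));
    mkdir($base . '/layouts', 0700, true);
    file_put_contents($base . '/layouts/default.php', '<?php echo "default layout";');
    file_put_contents($base . '/secret.php', '<?php echo "EXECUTED FROM OUTSIDE layouts/";');
    return $base;
}

$base    = demo_fixture();
$payload = ['layout' => '../secret'];                // traversal in the attribute

echo 'vulnerable, payload: ', demo_layout_vulnerable($payload, $base), PHP_EOL;
echo 'hardened,   payload: [', demo_layout_hardened($payload, $base), ']', PHP_EOL;
echo 'hardened,   default: ', demo_layout_hardened(['layout' => 'default'], $base), PHP_EOL;

// Remove the fixture.
unlink($base . '/layouts/default.php');
unlink($base . '/secret.php');
rmdir($base . '/layouts');
rmdir($base);
```

Run it with `php demo.php`: the vulnerable handler prints the text from secret.php, the hardened one prints nothing for the traversal payload and the legitimate layout for `default`. The allow-list is the actual fix; the realpath prefix check is there so that a later list entry containing a separator, or a symlinked layouts/ directory, still cannot reach outside the intended tree. Stripping `../` from the attribute instead of allow-listing is weaker, because the advisories' attackers need only reach any PHP file the server can read, not a specific path.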
0day.today · added 2023/10/30 12:00 a.m. · 403 views

SugarCRM 13.0.1 Shell Upload Exploit

SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the setnoteattachment SOAP call. SugarCRM <= 13.0.1 setnoteattachment Unrestricted File Upload Vulnerability...

AI score 7.4 · Exploits 0
Positive Technologies · added 2023/10/30 12:00 a.m. · 3 views

PT-2023-30249 · Crafter · Crater

Name of the Vulnerable Software and Affected Versions: crater versions 6.0.0 through 6.0.6 Description: The issue allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image, specifically through the "/api/v1/company/upload-logo"...

CVSS 7.2 · AI score 7.3 · EPSS 0.7022 · Exploits 2 · References 9