421 matches found

OSV
added 2023/10/20 7:15 a.m. · 1 views

CVE-2023-4488

The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi...

CVSS 9.8 · AI score 7.8 · EPSS 0.00477
Exploits 0 · References 2
wpexploit
added 2023/05/22 12:00 a.m. · 1070 views

Revolution Slider <= 6.6.12 - Author+ Remote Code Execution

The plugin does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. By default, the import functionality is only available to Admin users. However, the plugin may be configured to allow...

CVSS 8.8 · AI score 9.6 · EPSS 0.06282
Exploits 2
Positive Technologies
added 2023/05/15 12:00 a.m. · 3 views

PT-2023-8920 · Libpcap +10

Name of the Vulnerable Software and Affected Versions: libcap affected versions not specified Description: A vulnerability was found in libcap, specifically in the libcap strdup function, which can lead to an integer overflow if the input string is close to 4GiB. This issue may allow an attacker ...

CVSS 7.8 · AI score 7.5 · EPSS 0.01123
Exploits 2 · References 78
OSV
added 2023/04/23 12:15 p.m. · 1 views

CVE-2023-23879

Cross-Site Request Forgery CSRF vulnerability in Nicolas Zeh PHP Execution plugin = 1.0.0 versions...

CVSS 8.8 · AI score 7.4 · EPSS 0.00165
Exploits 0 · References 1
NVD
added 2023/04/23 12:15 p.m. · 9 views

CVE-2023-23879

Cross-Site Request Forgery CSRF vulnerability in Nicolas Zeh PHP Execution plugin = 1.0.0 versions...

CVSS 8.8 · AI score 6 · EPSS 0.00165
Exploits 0 · References 1
Prion
added 2023/04/23 12:15 p.m. · 13 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Nicolas Zeh PHP Execution plugin = 1.0.0 versions...

CVSS 6.8 · AI score 8.9 · EPSS 0.00165
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/04/23 11:18 a.m. · 45 views

CVE-2023-23879

CVE-2023-23879 affects WordPress PHP Execution Plugin

CVSS 8.8 · AI score 6.7 · EPSS 0.00165
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/04/23 11:18 a.m. · 17 views

CVE-2023-23879 WordPress PHP Execution Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Nicolas Zeh PHP Execution plugin = 1.0.0 versions...

CVSS 4.3 · AI score 9.2 · EPSS 0.00165
Exploits 0 · References 1
Japan Vulnerability Notes
added 2023/03/27 4:39 a.m. · 4 views

baserCMS vulnerable to arbitrary file uploads

Overview baserCMS provided by baserCMS Users Community allows an authenticated user to upload arbitrary files CWE-434. Taisei Inoue of GMO Cybersecurity by Ierae, Inc. and Yusuke Akagi of Mitsui Bussan Secure Directions, Inc., Shiga Takuma of BroadBand Security, Inc. reported this vulnerability t...

CVSS 9.8 · AI score 7 · EPSS 0.00561
Exploits 0 · References 5
Vulnrichment
added 2023/02/23 12:00 a.m. · 10 views

CVE-2023-26326

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used t...

AI score 9.6 · EPSS 0.45041
Exploits 5 · References 1
WPVulnDB
added 2023/02/02 12:00 a.m. · 16 views

PHP Execution <= 1.0.0 - Settings Update via CSRF

The plugin does not have a CSRF check when enabling low-privilege users such as subscribers the ability to execute PHP code, which could allow attackers to make logged-in admins enable such option via a CSRF attack...

CVSS 8.8 · AI score 8.5 · EPSS 0.00165
Exploits 0 · Affected Software 1
Patchstack
added 2023/02/02 12:00 a.m. · 8 views

WordPress PHP Execution Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software: PHP Execution · Type: Plugin · Vulnerable versions: = 1.0.0 · Fixed in: N/A · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2023-23879 · Patch priority: Low · CVSS severity: Low 4.3 · Developer: Claim ownership · PSID: 87f55a87695e · Credits: Mika · Required privilege...

CVSS 8.8 · AI score 7 · EPSS 0.00165
Exploits 0 · References 1 · Affected Software 1
Hacker One
added 2022/11/23 4:01 p.m. · 12 views

inDrive: Disclosure of users' ip address whenever they view my fright offer on image preview (Without interaction)

A vulnerability was disclosed where users' IP addresses were leaked when they viewed freight offers, without any interaction required. By changing post image URLs to external sites, the external site received the user's IP when they viewed the post. This leaked user IPs and location, enabling...

AI score 7.2
Exploits 0
CNNVD
added 2022/10/31 12:00 a.m. · 2 views

Softnext Technologies Mail SQR Expert path traversal vulnerability

Softnext Technologies Mail SQR Expert is a comprehensive email content security management system from Softnext Technologies. A security vulnerability exists in Softnext Technologies Mail SQR Expert, which can be exploited by an attacker to execute a PHP file with an arbitrary .asp file extension...

CVSS 6.5 · AI score 6.8 · EPSS 0.00613
Exploits 0 · References 2
OSV
added 2022/08/16 8:15 a.m. · 1 views

CVE-2022-35239

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...

CVSS 8.8 · AI score 7.4
Exploits 0 · References 3
Positive Technologies
added 2022/08/15 12:00 a.m. · 4 views

PT-2022-15878 · WordPress · Vr Calendar

Name of the Vulnerable Software and Affected Versions: VR Calendar WordPress plugin versions prior to 2.3.3 Description: The issue allows any user to execute arbitrary PHP functions on the site. This can lead to unauthorized access and potential code execution. Recommendations: For versions prior...

CVSS 9.8 · AI score 9.7 · EPSS 0.80787
Exploits 2 · References 4
Vulnrichment
added 2022/07/18 4:13 p.m. · 7 views

CVE-2022-2437

The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'ftsurl' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will...

CVSS 9.8 · AI score 9.5 · EPSS 0.11579
Exploits 0 · References 3
EUVD
added 2022/07/06 7:03 p.m. · 2 views

EUVD-2015-3250

custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution...

CVSS 7.2 · AI score 7.5 · EPSS 0.12405
Exploits 1 · References 3
OSV
added 2022/05/24 5:49 p.m. · 15 views

GHSA-X72F-GGJW-V5XH Drupal Core Arbitrary PHP code execution vulnerability

Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to...

CVSS 8.8 · AI score 8.7 · EPSS 0.01962
Exploits 0 · References 5
RedhatCVE
added 2022/05/20 11:37 p.m. · 80 views

CVE-2020-13671

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to...

CVSS 8.8 · AI score 3.9 · EPSS 0.04504
Exploits 0 · References 1