October CMS safe mode bypass using Page template injection

Impact An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.safemode being enabled can craft a special request to include PHP code in the CMS...

PT-2023-29217 · October · October

Name of the Vulnerable Software and Affected Versions: October versions prior to 3.4.15 Description: The issue allows an authenticated backend user with the editor.cms pages, editor.cms layouts, or editor.cms partials permissions to write specific Twig code and execute arbitrary PHP, despite...

SugarCRM 13.0.1 Shell Upload Exploit

SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the setnoteattachment SOAP call. ------------------------------------------------------------------------------- SugarCRM = 13.0.1 setnoteattachment Unrestricted File Upload Vulnerability...

PT-2023-30249 · Crafter · Crater

Name of the Vulnerable Software and Affected Versions: crater versions 6.0.0 through 6.0.6 Description: The issue allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image, specifically through the "/api/v1/company/upload-logo"...

Revolution Slider <= 6.6.12 - Author+ Remote Code Execution

The plugin does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations. By default, the import functionality is only available to Admin users. However, the plugin may be configured to allow...

CVE-2023-23879

Cross-Site Request Forgery CSRF vulnerability in Nicolas Zeh PHP Execution plugin = 1.0.0 versions...

CVE-2023-23879

CVE-2023-23879 affects WordPress PHP Execution Plugin

PHP Execution <= 1.0.0 - Settings Update via CSRF

The plugin does not have CSRF check when enabling low privilege users such as subscriber the ability to execute PHP code, which could allow attackers to make logged in admins enable such option via a SCRF attack...

WordPress PHP Execution Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software PHP Execution Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23879 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 87f55a87695e Credits Mika Required privilege...

inDrive: Disclosure of users' ip address whenever they view my fright offer on image preview (Without interaction)

A vulnerability was disclosed where users' IP addresses were leaked when they viewed freight offers, without any interaction required. By changing post image URLs to external sites, the external site received the user's IP when they viewed the post. This leaked user IPs and location, enabling...

Softnext Technologies Mail SQR Expert 路径遍历漏洞

Softnext Technologies Mail SQR Expert is a comprehensive email content security management system from Softnext Technologies. A security vulnerability exists in Softnext Technologies Mail SQR Expert, which can be exploited by an attacker to execute a PHP file with an arbitrary .asp file extension...

CVE-2022-35239

The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...

GHSA-X72F-GGJW-V5XH Drupal Core Arbitrary PHP code execution vulnerability

Arbitrary PHP code execution vulnerability in Drupal Core under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could attempt to...

CVE-2020-13671

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations. This issue affects: Drupal Drupal Core 9.0 versions prior to...

GHSA-RHX9-3QF7-R3J7 Drupal Remote code execution

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerabl...

Drupal Remote code execution

A 3rd party development library including with Drupal 8 development dependencies is vulnerable to remote code execution. This is mitigated by the default .htaccess protection against PHP execution, and the fact that Composer development dependencies aren't normal installed. You might be vulnerabl...

CVE-2022-0661

The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user Admin+ to inject arbitrary HTML or javascript even with unfilteredhtml disallowed, leading to a stored cross-site scripting XSS...

Drupal Core Remote Code Execution Vulnerability

In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases...

Privilege escalation

sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload...

CVE-2021-24825

The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ v 4.0.1 or Admin+ v 4.0.2 users to display arbitrary files from the filesystem such as logs, .htaccess etc, as well as perform Local File Inclusion...