PT-2025-45071

Name of the Vulnerable Software and Affected Versions AI Engine plugin for WordPress versions prior to 3.1.4 AI Engine versions 2.8.x and 2.9.x prior to 2.9.5 Description The AI Engine plugin for WordPress has a Sensitive Information Exposure issue via the /mcp/v1/ REST API endpoint. When the...

EUVD-2019-5241

Malware in sbrugna...

CVE-2014-125115

An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhashdata parameter, allowing attackers to extract administrator credentials or active session tokens via crafted...

CVE-2019-13979

In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads//originals remote code execution...

CVE-2019-13980

In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads//originals remote code execution with nginx...

CVE-2015-9340

The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files...

Remote Code Execution (RCE)

yeswiki/yeswiki is vulnerable to Remote Code Execution RCE. The vulnerability is due to arbitrary file write, which allows attackers to upload PHP files that can be executed on the server...

CVE-2025-29401

CVE-2025-29401 is an arbitrary file upload vulnerability affecting emlog pro v2.5.7 in the /views/plugin.php component. The issue allows an attacker to upload a crafted PHP file and achieve remote code execution (RCE). The CVSS 3.1 vector indicates network access, no privileges required, no user ...

PT-2023-30518 · Unknown · Guest Entries

Name of the Vulnerable Software and Affected Versions: Guest Entries versions prior to 3.1.2 Description: The file uploads feature in Guest Entries did not prevent the upload of PHP files, which may lead to code execution on the server by authenticated users. Recommendations: For versions prior t...

CVE-2020-9454

A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploa...

CVE-2020-9454

A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploa...

The vulnerability of the openregion.security module of the “Open Region” platform, which arises due to insufficient validation of input data, allows attackers to execute arbitrary code or carry out cross-site scripting attacks.

The vulnerability of the “Open Region” platform exists due to insufficient verification of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or perform a cross-site scripting attack by uploading files with extensions .pht, .php7, .php5, .php3, .php4,...

RANGER Studio Directus Code Execution Vulnerability (CNVD-2019-39679)

RANGER Studio Directus is a set of open source headless CMS and API for managing custom databases from RANGER Studio, U.S.A. The Directus API is one of the components that can add a RESTful API layer to new or existing SQL databases. A security vulnerability exists in the RANGER Studio Directus 7...

CVE-2019-13979

In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads//originals remote code execution...

Design/Logic Flaw

edit.php in LabWiki 1.1 and earlier does not properly verify uploaded user files, which allows remote authenticated users to upload arbitrary PHP files via a PHP file with a .gif extension in the userfile parameter...

AlstraSoft Template Seller Pro <= 3.25 Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo " AlstraSoft Template Seller Pro = 3.25 Remote Code Execution Exploit by BlackHawk [email protected] http://itablackhawk.altervista.org Thanks to rgod for the php code and Marty for the Love "; if $argc4 echo "Usage:...