856 matches found

RedhatCVE · added 2025/05/22 2:35 a.m.

CVE-2018-1000658

LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in the upload functionality that can result in an attacker gaining code execution via a webshell. This attack appears to be exploitable via an authenticated user uploading a zip archive which can contain malicious PHP files that ca...

CVSS 8.8 · AI score 7.3 · EPSS 0.02137 · Exploits 0 · References 1

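The LimeSurvey entry above describes the classic archive-upload webshell: a zip accepted from an authenticated user carries PHP files that land under the web root. The check below is an added example written for this page, not LimeSurvey's code or its fix; it vets every member of an uploaded archive before anything is extracted, rejecting executable extensions anywhere in the name (so shell.php.jpg is caught along with shell.php), server-configuration dotfiles such as .htaccess, and names that would escape the target directory (zip-slip). The extension lists and the sample archive are constructed for the example.

```python
import io
import posixpath
import zipfile
from typing import Dict, Optional

# Constructed lists for this example; tune them to the real server's handler mapping.
# Anything a typical PHP host may pass to the interpreter is treated as executable.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "phps"}
# Final extensions a theme/plugin archive is expected to carry.
ALLOWED_EXTENSIONS = {"css", "js", "png", "jpg", "jpeg", "gif", "svg", "woff", "woff2", "html", "txt", "twig"}


def is_unsafe_path(name: str) -> bool:
    """True if extracting this member name could write outside the target directory (zip-slip)."""
    if name.startswith(("/", "\\")) or "\\" in name:
        return True
    if len(name) > 1 and name[1] == ":":          # C:\... style drive-letter paths
        return True
    return ".." in posixpath.normpath(name).split("/")


def classify_member(name: str) -> Optional[str]:
    """Return a rejection reason for one archive member, or None if it may be extracted."""
    if is_unsafe_path(name):
        return "path traversal"
    if name.endswith("/"):
        return None                                # directory entry, nothing to execute
    base = posixpath.basename(name).lower()
    if base.startswith("."):
        # .htaccess / .user.ini can remap which extensions the server executes
        return "hidden file"
    segments = base.split(".")
    if len(segments) < 2:
        return "no extension"
    extensions = segments[1:]
    if any(ext in EXECUTABLE_EXTENSIONS for ext in extensions):
        return "executable extension"              # shell.php and shell.php.jpg alike
    if extensions[-1] not in ALLOWED_EXTENSIONS:
        return "extension not allow-listed"
    return None


def inspect_archive(data: bytes) -> Dict[str, str]:
    """Map every rejected member to its reason; an empty dict means the archive may be extracted."""
    rejected: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for info in archive.infolist():
            reason = classify_member(info.filename)
            if reason is not None:
                rejected[info.filename] = reason
    return rejected


def build_sample_archive() -> bytes:
    """Constructed sample: a theme upload carrying the payloads these advisories describe."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("theme/style.css", "body { margin: 0 }")
        archive.writestr("theme/logo.png", b"\x89PNG\r\n\x1a\n")
        archive.writestr("theme/shell.php", "<?php system($_GET['c']); ?>")       # plain webshell
        archive.writestr("theme/pic.php.jpg", "<?php phpinfo(); ?>")               # double extension
        archive.writestr("theme/.htaccess", "AddType application/x-httpd-php .jpg")
        archive.writestr("../../config.php", "<?php /* overwrite via zip-slip */ ?>")
    return buffer.getvalue()


if __name__ == "__main__":
    for member, reason in inspect_archive(build_sample_archive()).items():
        print(f"REJECT {member}: {reason}")
```

Rejecting the whole upload on any hit is the safer default; silently skipping the bad members invites the attacker to iterate. Extraction should additionally go into a directory the web server is configured not to execute scripts from, so the allow-list is not the only barrier.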
RedhatCVE · added 2025/05/22 2:08 a.m.

CVE-2010-4522

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php...

CVSS 4.3 · AI score 5.9 · EPSS 0.01042 · Exploits 0 · References 1

RedhatCVE · added 2025/05/22 12:39 a.m.

CVE-2011-3744

HTML Purifier 4.2.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tests/PHPT/Reporter/SimpleTest.php and certain other files...

CVSS 5.0 · AI score 6.3 · EPSS 0.01372 · Exploits 1 · References 1

RedhatCVE · added 2025/05/21 7:50 p.m.

CVE-2005-2998

PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files...

CVSS 7.5 · AI score 8.1 · EPSS 0.01449 · Exploits 1 · References 1

RedhatCVE · added 2025/04/28 9:14 a.m.

CVE-2025-2101

The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumalllazyloadtemplate' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the serve...

CVSS 8.1 · AI score 8.3 · EPSS 0.00736 · Exploits 0 · References 1

Exploit DB · added 2025/04/11 12:00 a.m.

flatCore 1.5 - Cross Site Request Forgery (CSRF)

Exploit Title: flatCore 1.5 - Cross Site Request Forgery (CSRF)
Date: 2024-10-26
Exploit Author: CodeSecLab
Vendor Homepage: https://github.com/flatCore/flatCore-CMS
Software Link: https://github.com/flatCore/flatCore-CMS
Version: d3a5168
Tested on: Ubuntu, Windows
CVE: CVE-2019-13961
PoC: CSRF PoC...

CVSS 8.8 · AI score 8.9 · EPSS 0.02254 · Exploits 4

Vulnrichment · added 2025/04/03 12:00 a.m.

CVE-2024-22611

OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\CPharmacy.class.php and \openemr\controller.php...

AI score 8.4 · EPSS 0.04993 · Exploits 1 · References 1

RedhatCVE · added 2025/02/06 4:20 a.m.

CVE-2021-4443

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code...

CVSS 9.8 · AI score 7.3 · EPSS 0.00655 · Exploits 0 · References 5

CVE · added 2025/01/21 5:36 p.m.

CVE-2025-24019

CVE-2025-24019 affects YesWiki up to version 4.4.5, where an authenticated user can delete files using the filemanager due to insecure path handling in the deletion path (fmErase) and lack of path validation, enabling arbitrary file removal across the filesystem and potential defacement or data l...

CVSS 7.1 · AI score 6.7 · EPSS 0.00568 · Exploits 1 · References 2 · Affected Software 1

NVD · added 2024/12/05 6:15 a.m.

CVE-2024-11429

The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for...

CVSS 8.8 · EPSS 0.007 · Exploits 0 · References 3

Cvelist · added 2024/11/21 2:06 a.m.

CVE-2024-10898 Contact Form 7 Email Add on <= 1.9 - Authenticated (Contributor+) Local File Inclusion

The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7emailaddonaddadmintemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...

CVSS 8.8 · EPSS 0.01266 · Exploits 0 · References 3

CVE · added 2024/11/21 2:06 a.m.

CVE-2024-10898

CVE-2024-10898 affects the WordPress plugin Contact Form 7 Email Add on (

CVSS 8.8 · AI score 8.9 · EPSS 0.01266 · Exploits 0 · References 3 · Affected Software 1

NVD · added 2024/10/16 7:15 a.m.

CVE-2021-4443

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code...

CVSS 9.8 · EPSS 0.00655 · Exploits 0 · References 3

Vulnrichment · added 2024/10/16 6:43 a.m.

CVE-2021-4443 WordPress Mega Menu <= 2.0.6 - Arbitrary File Creation

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code...

CVSS 9.8 · AI score 7.5 · EPSS 0.00655 · Exploits 0 · References 3

Cvelist · added 2024/10/16 6:43 a.m.

CVE-2021-4443 WordPress Mega Menu <= 2.0.6 - Arbitrary File Creation

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code...

CVSS 9.8 · EPSS 0.00655 · Exploits 0 · References 3

CVE · added 2024/10/16 6:43 a.m.

CVE-2021-4443

CVE-2021-4443 Impact: WordPress Mega Menu plugin (WordPress) versions up to 2.0.6 are vulnerable to Arbitrary File Creation via the compiler_save AJAX action, enabling unauthenticated attackers to create arbitrary PHP files that can execute code. Root cause: improper handling of the compiler_save...

CVSS 9.8 · AI score 9.7 · EPSS 0.00655 · Exploits 0 · References 3

Positive Technologies · added 2024/10/15 12:00 a.m.

PT-2024-26561 · Unknown · Opensis Community Edition

Name of the Vulnerable Software and Affected Versions: OpenSis Community Edition versions 8.0 through 9.1
Description: The issue is related to SQL injection due to a lack of sanitization. An authenticated user can perform SQL injection because the application directly appends an arbitrary value...

CVSS 8.8 · AI score 7.2 · EPSS 0.06524 · Exploits 2 · References 8

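The OpenEMR and OpenSIS entries above both describe a query built by appending a request value straight into the SQL text. The sqlite3 script below is an added example written for this page, not code from either project (both are PHP, where the equivalent fix is a PDO or mysqli prepared statement); it shows the appended-value query returning every row, or a column the query never exposed, for a crafted input, while the bound-parameter version treats the same input as nothing more than a name to compare against. The table, its rows and the attacker inputs are constructed.

```python
import sqlite3
from typing import List, Tuple

# Constructed stand-in for a pharmacy lookup table; the real schemas are not reproduced here.
ROWS = [
    (1, "Main Street Pharmacy", "api-key-1"),
    (2, "Harbor Pharmacy", "api-key-2"),
    (3, "Westside Pharmacy", "api-key-3"),
]


def make_demo_db() -> sqlite3.Connection:
    """In-memory database with one table the two lookups below query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pharmacy (id INTEGER PRIMARY KEY, name TEXT NOT NULL, secret TEXT NOT NULL)")
    conn.executemany("INSERT INTO pharmacy VALUES (?, ?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple]:
    """The pattern in the advisories: the request value is appended straight into the SQL text,
    so a quote in the value closes the literal and whatever follows is parsed as SQL."""
    sql = "SELECT id, name FROM pharmacy WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> List[Tuple]:
    """Bound parameter: the value travels separately from the statement and can only ever be
    compared as a string, whatever characters it contains."""
    return conn.execute("SELECT id, name FROM pharmacy WHERE name = ?", (name,)).fetchall()


# Constructed attacker inputs.
BYPASS = "x' OR '1'='1"                                               # tautology: every row comes back
EXFIL = "x' UNION SELECT id, secret FROM pharmacy WHERE '1'='1"      # read a column the query never exposed


def demo():
    """Run both lookups against a legitimate name and against each payload."""
    conn = make_demo_db()
    return {
        "legit_safe": lookup_safe(conn, "Harbor Pharmacy"),
        "bypass_vulnerable": lookup_vulnerable(conn, BYPASS),
        "bypass_safe": lookup_safe(conn, BYPASS),
        "exfil_vulnerable": lookup_vulnerable(conn, EXFIL),
        "exfil_safe": lookup_safe(conn, EXFIL),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:18} {rows}")
```

Escaping or stripping quotes is not a substitute for binding: the UNION payload survives numeric contexts, second-order storage and charset tricks that quote-escaping routines miss, whereas a bound parameter is never parsed as SQL at all.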
OSV · added 2024/09/18 3:15 p.m.

CVE-2022-25769

Impact: The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path...

CVSS 9.1 · AI score 6.8 · Exploits 0 · References 2

Cvelist · added 2024/09/18 2:47 p.m.

CVE-2022-25769 Improper regex in htaccess file

Impact: The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path...

CVSS 7.2 · EPSS 0.00502 · Exploits 0 · References 2

Vulnrichment · added 2024/09/18 2:47 p.m.

CVE-2022-25769 Improper regex in htaccess file

Impact: The default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the regex in the second FilesMatch only checks the filename, not the full path...

CVSS 7.2 · AI score 7.0 · EPSS 0.00502 · Exploits 0 · References 2

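The CVE-2022-25769 entries above describe a .htaccess that denies PHP execution and then re-allows a few files meant to live only in the application root, with the allow-list written as a <FilesMatch>, which Apache evaluates against the basename alone. The Python below is an added example written for this page, not the project's .htaccess or its patch; it emulates that basename matching against a constructed two-rule policy to show why /storage/uploads/index.php slips through, and beside it the same policy evaluated on the full request path, which is what Apache 2.4's <If "%{REQUEST_URI} =~ ...">, usable in .htaccess, or <LocationMatch> in server configuration, gives you. The allow-listed file names and request paths are hypothetical.

```python
import posixpath
import re

# Constructed approximation of the two-rule policy described for CVE-2022-25769, not the
# project's actual .htaccess: rule 1 denies every .php file, rule 2 re-allows a few front
# controllers that are meant to exist only in the application root. File names are hypothetical.
PHP_FILE = re.compile(r"\.php$", re.IGNORECASE)
ROOT_FRONT_CONTROLLERS = re.compile(r"^(index|api)\.php$", re.IGNORECASE)


def files_match(pattern: re.Pattern, request_path: str) -> bool:
    """<FilesMatch>: Apache tests the regex against the file's basename only, wherever it lives."""
    return pattern.search(posixpath.basename(request_path)) is not None


def allowed_by_filesmatch_rules(request_path: str) -> bool:
    """The flawed policy: both the deny rule and the allow-list are <FilesMatch> blocks."""
    if not files_match(PHP_FILE, request_path):
        return True                       # static content is not touched by either rule
    return files_match(ROOT_FRONT_CONTROLLERS, request_path)


# Corrected shape: the allow-list is anchored to the request path, so only the root copies
# qualify. In Apache 2.4 this is <If "%{REQUEST_URI} =~ m#^/(index|api)\.php$#"> (allowed in
# .htaccess) or <LocationMatch "^/(index|api)\.php$"> in server or vhost configuration.
ROOT_FRONT_CONTROLLER_URIS = re.compile(r"^/(index|api)\.php$", re.IGNORECASE)


def allowed_by_path_rules(request_path: str) -> bool:
    """Same deny-all-PHP rule, but the allow-list sees the whole path."""
    if not PHP_FILE.search(request_path):
        return True
    return ROOT_FRONT_CONTROLLER_URIS.search(request_path) is not None


# Constructed requests: the intended front controllers, an uploaded copy of one, a plain webshell.
SAMPLE_REQUESTS = [
    "/index.php",
    "/api.php",
    "/storage/uploads/index.php",
    "/storage/uploads/shell.php",
    "/assets/app.css",
]


def compare(paths=SAMPLE_REQUESTS):
    """(FilesMatch policy allows, path policy allows) for each request path."""
    return {p: (allowed_by_filesmatch_rules(p), allowed_by_path_rules(p)) for p in paths}


if __name__ == "__main__":
    for path, (by_name, by_path) in compare().items():
        print(f"{path:30} FilesMatch allows: {str(by_name):5}  path rule allows: {by_path}")
```

The deny-then-re-allow shape is fragile in a second way: a FilesMatch allow-list cannot see which directory a file sits in, so a robust fix also drops a deny-all for .php into every directory the application can write to (uploads, storage, cache), rather than relying on the root allow-list alone.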