CVE-2024-45398 Remote command execution through file upload in contao/core-bundle
Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does...
GHSA-VM6R-J788-HJH5 Contao affected by remote command execution through file upload
Impact Back end users with access to the file manager can upload malicious files and execute them on the server. Patches Update to Contao 4.13.49, 5.3.15 or 5.4.3. Workarounds Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory...
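The workaround in both Contao entries above is to stop the web server from executing anything in the upload directory, so that an uploaded `.php` file is served as dead bytes instead of run. The following is an added example of that configuration for nginx with php-fpm; it is not Contao's own configuration. It assumes Contao's default upload directory `files/` under the document root, a document root of `/var/www/contao/public`, and a php-fpm socket at `/run/php/php-fpm.sock`.

```nginx
# Added example (not from the Contao project): refuse to execute scripts under files/.
server {
    listen 80;
    server_name example.com;
    root /var/www/contao/public;   # assumed document root

    # Upload directory: static files only.
    # ^~ stops nginx from consulting later regex locations (including the
    # generic PHP handler below) for anything under /files/.
    location ^~ /files/ {
        # Anything that looks like a script gets a 403 rather than a handler.
        location ~* \.(php|phtml|phar|cgi|pl|py|sh)$ {
            return 403;
        }
        # Stop browsers sniffing an uploaded "image" into HTML/JavaScript.
        add_header X-Content-Type-Options nosniff always;
        try_files $uri =404;
    }

    # Normal PHP handling for the rest of the site.
    location ~ \.php$ {
        try_files $uri =404;   # never hand a non-existent path to php-fpm
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }

    location / {
        try_files $uri /index.php$is_args$args;
    }
}
```

Check it after reload by requesting a known-good static file under `/files/` (expect 200) and a `.php` path under `/files/` (expect 403, never PHP output). On Apache with mod_php the equivalent is `php_admin_flag engine off` inside a `<Directory>` block for the upload directory; with php-fpm behind Apache, remove the PHP handler for that directory instead. This is a mitigation, not a fix: update to the patched Contao versions listed above.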
Queuing Simple Chatbot 1.0 Shell Upload
Title: Queuing Simple Chatbot 1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefox...
CVE-2024-45171
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup file...
eClass LMS 6.2.0 Shell Upload
Title: eClass LMS v6.2.0 shell upload Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefox 125.0.1 64 bits | Vendo...
CVE-2024-6459 News Element Elementor Blog Magazine < 1.0.6 - Unauthenticated LFI
The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...
CVE-2024-6460 Grow by Tradedoubler <= 2.0.21 - Unauthenticated LFI
The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...
CVE-2024-6460
The WordPress plugin Grow by Tradedoubler (versions ≤ 2.0.21) is affected by an unauthenticated Local File Inclusion via the component parameter, allowing inclusion and execution of PHP files on the server (high impact). Remediation: upgrade to version 2.0.22 or later. The CVSS in the source reco...
CVE-2024-5807 Business Card <= 1.0.0 - Admin+ File Upload
The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...
CVE-2024-5807
The CVE-2024-5807 entry concerns the WordPress plugin Business Card (
CVE-2024-5882
The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the uclpage and layout parameters allowing unauthenticated users to access PHP files on the server from the listings page...
CVE-2024-5882
The CVE CVE-2024-5882 affects the WordPress plugin Ultimate Classified Listings (versions before 1.3). It arises from missing validation of the ucl_page and layout parameters, enabling unauthenticated users to access PHP files on the server from the listings page (Local File Inclusion). Red Hat a...
CVE-2024-5450 Bug Library < 2.1.1 - Unauthenticated RCE
The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files...
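The Bug Library entry above, like the Business Card, Contao and "Shell Upload" entries, is the same root cause: an upload handler that never checks what it is storing. The following is an added example of a hardened PHP upload handler, not code from the Bug Library plugin or any other project on this page. The extension allowlist, the size limit and the storage directory `/var/app/uploads` are assumptions for illustration.

```php
<?php
// Added example (not from any plugin listed on this page): a hardened
// attachment upload handler. Allowlist, limits and paths are assumed values.

declare(strict_types=1);

// extension => MIME type that must be detected from the file *content*
const ALLOWED = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];
const UPLOAD_DIR = '/var/app/uploads';   // assumed: outside the document root
const MAX_BYTES  = 5 * 1024 * 1024;      // assumed limit

/**
 * Validate one $_FILES entry and move it into UPLOAD_DIR under a random name.
 * Returns the stored file name; throws on any validation failure.
 */
function store_attachment(array $file): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (($file['size'] ?? 0) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Reject paths that were not uploaded in this request (e.g. a smuggled local path).
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }

    // Extension from the client-supplied name, lower-cased, last component only.
    // "shell.php.png" still ends in "png": that is why the content check below is
    // mandatory and why the stored name is regenerated rather than reused.
    $ext = strtolower(pathinfo($file['name'] ?? '', PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }

    // Sniff the real content type. $file['type'] is set by the client and is worthless.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }

    // Server-chosen random name: drops the client name entirely, so no traversal,
    // no double extensions, and no ".htaccess" or ".user.ini" uploads.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);   // readable, never executable
    return $name;
}

// Typical call from a form handler:
// $stored = store_attachment($_FILES['attachment']);
```

Two design choices matter more than the allowlist itself: the stored file gets a name the client never influenced, and it lives outside the document root so that even a file that fools the MIME check can only ever be served through a download handler, never run by the PHP interpreter. Note that a PHP payload in a `.txt` is detected by libmagic as `text/x-php`, not `text/plain`, so a content check catches it; that is why `txt` is not on the allowlist above unless you also accept that mapping.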
CVE-2024-39210
Best House Rental Management System v1.0 was discovered to contain an arbitrary file read vulnerability via the Page parameter at index.php. This vulnerability allows attackers to read arbitrary PHP files and access other sensitive information within the application...
Best House Rental Management System Security Vulnerability
Best House Rental Management System is a house rental management system by Mayuri K., an individual developer. Version 1.0 contains an arbitrary file read vulnerability via the Page parameter of index.php (CVE-2024-39210 above). An attacker can read arbitrary PH...
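The Local File Inclusion and arbitrary-file-read entries above (CVE-2024-6459 via `template`, CVE-2024-6460 via `component`, CVE-2024-5882 via `uclpage`/`layout`, CVE-2024-39210 via `Page`) all have the same shape: a request parameter is joined onto a path and handed to `include`. The following is an added example, not code from any of those plugins, showing the vulnerable pattern next to an allowlist fix. The parameter name `template`, the template directory and the template file names are assumptions.

```php
<?php
// Added example (not from any plugin listed on this page). Parameter and
// file names are assumed.

declare(strict_types=1);

// --- vulnerable pattern (do not use) ---------------------------------------
function render_vulnerable(array $get): void
{
    $template = $get['template'] ?? 'default';
    // The parameter is a path fragment, so traversal escapes the directory:
    //   ?template=../../../../var/www/html/wp-content/uploads/avatar.png
    // includes (and executes as PHP) any readable file, including one the
    // attacker uploaded through an unrelated weak upload form.
    include __DIR__ . '/templates/' . $template;
}

// --- hardened ---------------------------------------------------------------
// The parameter selects a key; it is never used as a path.
const TEMPLATES = [
    'default' => 'default.php',
    'grid'    => 'grid.php',
    'list'    => 'list.php',
];

function resolve_template(string $requested): string
{
    // 1. Allowlist. Unknown values fall back rather than error, so probing
    //    yields nothing distinguishable.
    if (!array_key_exists($requested, TEMPLATES)) {
        $requested = 'default';
    }

    // 2. Belt and braces: resolve symlinks and ".." and confirm the final path
    //    is still inside the template directory. With a strict allowlist this
    //    cannot fail, but it catches a future edit that turns TEMPLATES into
    //    something user-influenced.
    $base = realpath(__DIR__ . '/templates');
    $path = realpath($base . '/' . TEMPLATES[$requested]);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('template resolved outside template directory');
    }
    return $path;
}

function render(array $get): void
{
    include resolve_template((string) ($get['template'] ?? 'default'));
}

// Usage from a request handler:
// render($_GET);
```

When hunting for this bug class in a code base, grep for `include`, `include_once`, `require` and `require_once` whose argument is built from `$_GET`, `$_POST`, `$_REQUEST` or `$_COOKIE`; the two lines that matter in the fix are the array lookup and the `realpath` prefix check, in that order.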