856 matches found

Vulnrichment
added 2024/09/17 7:56 p.m. | 9 views

CVE-2024-45398 Remote command execution through file upload in contao/core-bundle

Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does...

CVSS 8.3 | AI score 8.4 | EPSS 0.00532
Exploits: 0 | References: 2

OSV
added 2024/09/17 2:58 p.m. | 6 views

GHSA-VM6R-J788-HJH5 Contao affected by remote command execution through file upload

Impact: Back end users with access to the file manager can upload malicious files and execute them on the server. Patches: Update to Contao 4.13.49, 5.3.15 or 5.4.3. Workarounds: Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory...

CVSS 8.7 | AI score 8.8 | EPSS 0.00532
Exploits: 0 | References: 7

Packet Storm
added 2024/09/11 12:00 a.m. | 318 views

Queuing Simple Chatbot 1.0 Shell Upload

Title: Queuing Simple Chatbot 1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

AI score 7.4
Exploits: 0

OSV
added 2024/09/05 4:15 p.m. | 3 views

CVE-2024-45171

An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup file...

CVSS 8.8 | AI score 5.9 | EPSS 0.00921
Exploits: 2 | References: 3

Packet Storm
added 2024/09/02 12:00 a.m. | 236 views

eClass LMS 6.2.0 Shell Upload

Title: eClass LMS v6.2.0 shell upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 125.0.1 64 bits | Vendo...

AI score 7.4
Exploits: 0

Vulnrichment
added 2024/08/17 6:00 a.m. | 13 views

CVE-2024-6459 News Element Elementor Blog Magazine < 1.0.6 - Unauthenticated LFI

The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

AI score 7.3 | EPSS 0.01022
Exploits: 1 | References: 1

NVD
added 2024/08/16 6:15 a.m. | 21 views

CVE-2024-6460

The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVSS 9.8 | EPSS 0.04826
Exploits: 1 | References: 1

Cvelist
added 2024/08/16 6:00 a.m. | 26 views

CVE-2024-6460 Grow by Tradedoubler <= 2.0.21 - Unauthenticated LFI

The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

EPSS 0.04826
Exploits: 1 | References: 1

Vulnrichment
added 2024/08/16 6:00 a.m. | 10 views

CVE-2024-6460 Grow by Tradedoubler <= 2.0.21 - Unauthenticated LFI

The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

AI score 9.6 | EPSS 0.04826
Exploits: 1 | References: 1

CVE
added 2024/08/16 6:00 a.m. | 72 views

CVE-2024-6460

The WordPress plugin Grow by Tradedoubler (versions ≤ 2.0.21) is affected by an unauthenticated Local File Inclusion via the component parameter, allowing inclusion and execution of PHP files on the server (high impact). Remediation: upgrade to version 2.0.22 or later. The CVSS in the source reco...

CVSS 9.8 | AI score 6.8 | EPSS 0.04826
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2024/07/30 6:15 a.m. | 18 views

CVE-2024-5807

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...

CVSS 7.2 | EPSS 0.00645
Exploits: 1 | References: 1

Cvelist
added 2024/07/30 6:00 a.m. | 24 views

CVE-2024-5807 Business Card <= 1.0.0 - Admin+ File Upload

The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations...

EPSS 0.00645
Exploits: 1 | References: 1

CVE
added 2024/07/30 6:00 a.m. | 51 views

CVE-2024-5807

The CVE-2024-5807 entry concerns the WordPress plugin Business Card (

CVSS 7.2 | AI score 6.9 | EPSS 0.00645
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2024/07/29 6:15 a.m. | 12 views

CVE-2024-5882

The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the uclpage and layout parameters, allowing unauthenticated users to access PHP files on the server from the listings page...

CVSS 7.5 | EPSS 0.00762
Exploits: 1 | References: 1

OSV
added 2024/07/29 6:15 a.m. | 4 views

CVE-2024-5882

The Ultimate Classified Listings WordPress plugin before 1.3 does not validate the uclpage and layout parameters, allowing unauthenticated users to access PHP files on the server from the listings page...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 1

CVE
added 2024/07/29 6:00 a.m. | 47 views

CVE-2024-5882

CVE-2024-5882 affects the WordPress plugin Ultimate Classified Listings (versions before 1.3). It arises from missing validation of the ucl_page and layout parameters, enabling unauthenticated users to access PHP files on the server from the listings page (Local File Inclusion). Red Hat a...

CVSS 7.5 | AI score 6.6 | EPSS 0.00762
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2024/07/13 6:00 a.m. | 18 views

CVE-2024-5450 Bug Library < 2.1.1 - Unauthenticated RCE

The Bug Library WordPress plugin before 2.1.1 does not check the file type on user-submitted bug reports, allowing an unauthenticated user to upload PHP files...

EPSS 0.00754
Exploits: 1 | References: 1

Vulnrichment
added 2024/07/05 12:00 a.m. | 14 views

CVE-2024-39210

Best House Rental Management System v1.0 was discovered to contain an arbitrary file read vulnerability via the Page parameter at index.php. This vulnerability allows attackers to read arbitrary PHP files and access other sensitive information within the application...

AI score 7.1 | EPSS 0.00841
Exploits: 0 | References: 1

Cvelist
added 2024/07/05 12:00 a.m. | 21 views

CVE-2024-39210

Best House Rental Management System v1.0 was discovered to contain an arbitrary file read vulnerability via the Page parameter at index.php. This vulnerability allows attackers to read arbitrary PHP files and access other sensitive information within the application...

EPSS 0.00841
Exploits: 0 | References: 1

CNNVD
added 2024/07/05 12:00 a.m. | 5 views

Best House Rental Management System Security Vulnerability

Best House Rental Management System is a house rental management system by individual developer Mayuri K. A security vulnerability exists in Best House Rental Management System version 1.0, which stems from an arbitrary file read issue that includes a parameter. An attacker can read arbitrary PH...

CVSS 7.5 | AI score 6.6 | EPSS 0.00841
Exploits: 0 | References: 2