CVE-2024-5943
The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing sanitization of the 'tab' parameter. This makes it possible for...
CVE-2024-24551
A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files...
CVE-2024-24550
A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...
CVE-2024-24551 Bludit - Remote Code Execution (RCE) through Image API
A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files...
CVE-2024-24551
CVE-2024-24551 : Bludit is affected by a high-severity vulnerability in the Image API where authenticated attackers can upload and execute PHP files due to improper handling of file uploads. Affected component: Image API/file upload handling in Bludit. Impact: potential remote code execution with...
PT-2024-20442
Name of the Vulnerable Software and Affected Versions: Bludit, affected versions not specified. Description: A security issue has been identified, allowing attackers with knowledge of the API token to upload arbitrary files through the "File API" which leads to arbitrary code execution on the server...
CVE-2024-35306
OS command injection in Ajax PHP files via HTTP request allows execution of system commands by exploiting request variables. This issue affects Pandora FMS: from 700 through 777...
CVE-2024-35306 OS Command injection in Ajax PHP files through HTTP Request
OS command injection in Ajax PHP files via HTTP request allows execution of system commands by exploiting request variables. This issue affects Pandora FMS: from 700 through 777...
CVE-2024-3551
CVE-2024-3551 affects the Penci Soledad Data Migrator plugin for WordPress. It allows Local File Inclusion via the data parameter in all versions up to 1.3.0, enabling unauthenticated attackers to include and execute PHP files on the server, bypassing access controls and potentially leading to co...
CVE-2024-3499
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generatenavigationmarkup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level access and...
CVE-2024-4306
Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...
CVE-2024-4306 Unrestricted Upload of File with Dangerous Type vulnerability in HubBank
Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...
CVE-2023-48710 iTop limit pages/exec.php script to PHP files
iTop is an IT service management platform. Files from the env-production folder can be retrieved even though they should have restricted access. Hopefully, there are no sensitive files stored in that folder natively, but there could be from a third-party module. The pages/exec.php script has been...
PT-2024-23216 · Invision Power Services · Invision Community
Name of the Vulnerable Software and Affected Versions: Invision Community versions prior to 4.7.17. Description: The issue allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\core\modules\admin\editor\toolbar::addPlugin method. This method handles uploaded ZIP...
CVE-2024-29515
File upload vulnerability in lepton v.7.1.0 allows remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component...
CVE-2024-1358
The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on th...
Directory traversal
The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on th...
CVE-2024-1358 Elementor Addon Elements <= 1.12.12 - Directory Traversal to Local File Inclusion
The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on th...