
856 matches found

OSV
added 2024/03/06 11:10 a.m. · 12 views

BIT-SUITECRM-2020-8803

SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webroot via addtoprospectlist...

CVSS 9.8 · AI score 9.5 · EPSS 0.03308
Exploits: 1 · References: 4

0day.today
added 2024/03/02 12:00 a.m. · 495 views

BoidCMS 2.0.0 Command Injection Exploit

This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file. This module requires Metasploit:...

CVSS 8.8 · AI score 7.1 · EPSS 0.73211
Exploits: 8

Prion
added 2024/03/01 10:15 p.m. · 10 views

Remote file inclusion

A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized access via manipulation of the page= parameter at /customersupport/index.php...

AI score 7.2 · EPSS 0.00766
Exploits: 1 · References: 3

Vulnrichment
added 2024/03/01 12:00 a.m. · 10 views

CVE-2023-49544

A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized access via manipulation of the page= parameter at /customersupport/index.php...

AI score 6.9 · EPSS 0.00766
Exploits: 1 · References: 3

Cvelist
added 2024/03/01 12:00 a.m. · 14 views

CVE-2023-49544

A local file inclusion (LFI) in Customer Support System v1 allows attackers to include internal PHP files and gain unauthorized access via manipulation of the page= parameter at /customersupport/index.php...

AI score 6.8 · EPSS 0.00766
Exploits: 1 · References: 3

Prion
added 2024/02/20 12:15 a.m. · 17 views

Code injection

Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI...

CVSS 6.5 · AI score 6.9 · EPSS 0.00856
Exploits: 1 · References: 2

WPVulnDB
added 2024/02/06 12:00 a.m. · 11 views

Shield Security – Smart Bot Blocking & Intrusion Prevention Security < 18.5.10 - Unauthenticated Local File Inclusion

Description: The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for an unauthenticated attacker to include and...

CVSS 7.5 · AI score 7.3 · EPSS 0.56567
Exploits: 0 · References: 1 · Affected Software: 1

Wordfence Blog
added 2024/02/05 3:00 p.m. · 26 views

Local File Inclusion Vulnerability Patched in Shield Security WordPress Plugin

On December 18, 2023, right before the end of Holiday Bug Extravaganza, we received a submission for a Local File Inclusion vulnerability in Shield Security, a WordPress plugin with more than 50,000+ active installations. It’s important to note that this vulnerability is limited to just the...

CVSS 7.5 · AI score 8.3 · EPSS 0.56567
Exploits: 0

VulnCheck KEV
added 2024/01/22 12:00 a.m. · 4 views

VulnCheck KEV: CVE-2022-4328

The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server...

CVSS 9.8 · AI score 7.4 · EPSS 0.04427
Exploits: 2 · References: 1

NVD
added 2024/01/08 7:15 p.m. · 12 views

CVE-2023-6140

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution...

CVSS 8.8 · AI score 9.1 · EPSS 0.01095
Exploits: 2 · References: 1

Prion
added 2023/12/26 7:15 p.m. · 20 views

Remote code execution

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions when uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution...

CVSS 6.5 · AI score 8.1 · EPSS 0.01096
Exploits: 2 · References: 1 · Affected Software: 1

CVE
added 2023/12/15 8:24 a.m. · 37 views

CVE-2023-48382

The CVE-2023-48382 entry concerns Softnext Mail SQR Expert with a Local File Inclusion (LFI) vulnerability in a mail delivery URL. An unauthenticated attacker can exploit this to execute arbitrary PHP files with a .asp extension in certain system paths and access/modify partial system information...

CVSS 6.5 · AI score 6.7 · EPSS 0.00617
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2023/11/28 8:15 a.m. · 32 views

CVE-2023-4226

Unrestricted file upload in /main/inc/ajax/work.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

CVSS 8.8 · AI score 9 · EPSS 0.0183
Exploits: 1 · References: 5

NVD
added 2023/11/28 8:15 a.m. · 22 views

CVE-2023-4223

Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

CVSS 8.8 · EPSS 0.0183
Exploits: 1 · References: 5

Prion
added 2023/11/28 8:15 a.m. · 18 views

Unrestricted file upload

Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

CVSS 6.5 · AI score 7.9 · EPSS 0.0183
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2023/11/28 7:22 a.m. · 21 views

CVE-2023-4225 Chamilo LMS File Upload Functionality Remote Code Execution

Unrestricted file upload in /main/inc/ajax/exercise.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

CVSS 8.8 · AI score 9.2 · EPSS 0.0183
Exploits: 2 · References: 5

Vulnrichment
added 2023/11/28 7:22 a.m. · 18 views

CVE-2023-4225 Chamilo LMS File Upload Functionality Remote Code Execution

Unrestricted file upload in /main/inc/ajax/exercise.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

CVSS 8.8 · AI score 8.9 · EPSS 0.0183
Exploits: 2 · References: 5

Cvelist
added 2023/11/28 7:19 a.m. · 26 views

CVE-2023-4224 Chamilo LMS File Upload Functionality Remote Code Execution

Unrestricted file upload in /main/inc/ajax/dropbox.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

CVSS 8.8 · AI score 9.2 · EPSS 0.01828
Exploits: 1 · References: 5

Vulnrichment
added 2023/11/28 7:18 a.m. · 13 views

CVE-2023-4223 Chamilo LMS File Upload Functionality Remote Code Execution

Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

CVSS 8.8 · AI score 7.6 · EPSS 0.0183
Exploits: 1 · References: 5

Positive Technologies
added 2023/11/28 12:00 a.m. · 3 views

PT-2023-28297 · Unknown · Chamilo Lms

Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 1.11.24
Description: The issue concerns an unrestricted file upload in the /main/inc/ajax/document.ajax.php endpoint, allowing authenticated attackers with a learner role to achieve remote code execution by...

CVSS 8.8 · AI score 8.9 · EPSS 0.02433
Exploits: 6 · References: 8