Deserialization of untrusted data
Unsafe variable extraction in bitrix/modules/main/classes/general/useroptions.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via 1 appending arbitrary content to existing PHP files or 2 PHAR deserialization...
CVE-2023-1714 Bitrix24 Remote Command Execution (RCE) via Unsafe Variable Extraction
Unsafe variable extraction in bitrix/modules/main/classes/general/useroptions.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via 1 appending arbitrary content to existing PHP files or 2 PHAR deserialization...
CVE-2023-1714
CVE-2023-1714 affects Bitrix24 22.0.300; the vulnerability is an unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php, enabling remote authenticated attackers to execute arbitrary code via (1) appending content to existing PHP files or (2) PHAR deserialization. Conne...
CVE-2023-5250
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those file...
PT-2023-29541 · Knowband · Knowband Supercheckout
Name of the Vulnerable Software and Affected Versions: KnowBand supercheckout versions 5.0.7 through 6.0.7 Description: The issue allows a guest to upload files with dangerous extensions, such as .php, in the "Module One Page Checkout, Social Login & Mailchimp" supercheckout module...
SUSE CVE-2023-31132
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The use...
Privilege escalation
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The use...
CVE-2023-31132 Cacti Privilege Escalation
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The use...
CVE-2023-31132
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The use...
Webigniter 28.7.23 Shell Upload Vulnerability
Title: WEBIGniter-28.7.23 File Upload - RCE Author: nu11secur1ty Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/file-upload Description: The media function suffers from file upload vulnerability. The attacker can upload and he...
CVE-2023-23565
An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion...
CVE-2023-23565
Geomatika IsiGeo Web 6.0 is affected by CVE-2023-23565 via Local File Inclusion, enabling remote authenticated users to retrieve PHP files from the server. The root cause is not fully detailed in the provided documents beyond LFI exposure. Impact is confidentiality loss (C: High) per NVD metrics....
CVE-2023-33367
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution...
SQL injection
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution...
Unrestricted File Upload
responsive-filemanager is vulnerable to Unrestricted File Upload. The vulnerability exists due to a lack of file upload checks, which allows an attacker with a low-privileged account to upload and execute arbitrary PHP files...
CVE-2023-32528
Trend Micro Mobile Security Enterprise 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this...