856 matches found
CVE-2022-43074
AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fstupload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
PT-2022-25504 · Unknown · Mail Sqr Expert System
Name of the Vulnerable Software and Affected Versions: Mail SQR Expert system (affected versions not specified). Description: The issue allows an unauthenticated remote attacker to execute arbitrary PHP files with a .asp file extension under specific system paths. This can lead to accessing and...
CVE-2022-42206
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross-Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php...
Online Diagnostic Lab Management System Code Issue Vulnerability
Online Diagnostic Lab Management System is an online diagnostic lab management system. Version v1.0 of Online Diagnostic Lab Management System contains a security vulnerability that can be exploited by attackers to execute arbitrary code via crafted PHP files...
CVE-2022-3076
The CM Download Manager WordPress plugin before 2.8.6 allows high-privilege users such as admin to upload arbitrary files by setting any extension via the plugin's settings, which could be used by admins of a multisite blog to upload PHP files, for example...
CVE-2022-3076 CM Download Manager < 2.8.6 - Admin+ Arbitrary File Upload
The CM Download Manager WordPress plugin before 2.8.6 allows high-privilege users such as admin to upload arbitrary files by setting any extension via the plugin's settings, which could be used by admins of a multisite blog to upload PHP files, for example...
Ajax Load More < 5.5.4.1 - Admin+ Arbitrary File Read
The plugin does not properly validate paths generated with user input in the almrepeatersexport function, which could allow high-privilege users to read arbitrary files from the server even when they should not be able to have access to any, for example in a multisite setup. This is due to an...
CVE-2022-1939
The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to...
CVE-2022-1409
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code...
Code injection
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.8 does not properly validate images, allowing high privilege users such as administrators to upload PHP files disguised as images and containing malicious PHP code...
CVE-2022-1409
CVE-2022-1409 affects the WordPress VikBooking Hotel Booking Engine & PMS plugin prior to 1.5.8. The vulnerability arises from improper image validation in uploads, allowing high-privilege users (e.g., administrators) to upload PHP files disguised as images containing executable PHP code. This ca...
Contao Core directory traversal vulnerability
A logged-in back end user can include arbitrary PHP files by manipulating a URL parameter. Since Contao does not allow uploading PHP files in the file manager, the attack is limited to the existing PHP files on the server...
GHSA-X5G4-CRXQ-QXJX Contao Core directory traversal vulnerability
A logged-in back end user can include arbitrary PHP files by manipulating a URL parameter. Since Contao does not allow uploading PHP files in the file manager, the attack is limited to the existing PHP files on the server...
Wedding Management System Arbitrary File Upload Vulnerability
The Wedding Management System version 1.0 is vulnerable to arbitrary file uploads due to a lack of validation of uploaded files in the Upload Photos module. The vulnerability can be exploited by attackers to execute arbitrary code via specially crafted PHP files...
Hubzilla file inclusion vulnerability
Hubzilla is an open source platform for creating interconnected websites with a decentralized identity, communications and permissions framework built using common web server technology. Hubzilla version 7.2 previously contained a security vulnerability that could be exploited by remote attackers ...
CVE-2022-27257
A PHP Local File Inclusion vulnerability in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary PHP files via the schema parameter...
RiteCMS arbitrary file upload vulnerability
RiteCMS is a web CMS. RiteCMS 3.1.0 and earlier contain an arbitrary file upload vulnerability that allows an authenticated attacker to upload PHP files and bypass the .htaccess configuration to execute .php files in the media and files directories for remote command execution...
Social Codia SMS Arbitrary File Upload Vulnerability
Social Codia SMS is an inventory management system from Social Codia India. Social Codia SMS v1.0 is vulnerable to arbitrary file uploads, which can be exploited by attackers to execute arbitrary code via crafted PHP files...
CVE-2022-27256
A PHP Local File Inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary PHP files via the schema parameter...