863 matches found
Contao Core directory traversal vulnerability
A logged in back end user can include arbitrary PHP files by manipulating an URL parameter. Since Contao does not allow to upload PHP files in the file manager, the attack is limited to the existing PHP files on the server...
Wedding Management System Arbitrary File Upload Vulnerability
The Wedding Management System version 1.0 is vulnerable to arbitrary file uploads due to a lack of validation of uploaded files in the Upload Photos module. The vulnerability can be exploited by attackers to execute arbitrary code via specially crafted PHP files...
Hubzilla file inclusion vulnerability
Hubzilla is an open source platform for creating interconnected websites with a decentralized identity, communications and permissions framework built using common web server technology.Hubzilla version 7.2 previously contained a security vulnerability that could be exploited by remote attackers ...
CVE-2022-27257
A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter...
RiteCMS arbitrary file upload vulnerability
RiteCMS is a web CMS. RiteCMS 3.1.0 and earlier contain an arbitrary file upload vulnerability that allows an authenticated attacker to upload PHP files and bypass the .htacess configuration to execute .php files in the media and files directories for remote command execution...
Social Codia SMS Arbitrary File Upload Vulnerability
Social Codia SMS is an inventory management system from Social Codia India. v1.0 of Social Codia SMS is vulnerable to arbitrary file uploads, which can be exploited by attackers to execute arbitrary code via crafted PHP files...
CVE-2022-27256
A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter...
CVE-2022-27256
A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter...
CVE-2022-27256
A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter...
zbzcms arbitrary file upload vulnerability
zbzcms station helper CMS is a content management website of China station helper CMS zbzcms company. zbzcms version 1.0 has an arbitrary file upload vulnerability, which can be exploited by attackers to execute arbitrary code via specially crafted PHP files...
zbzcms arbitrary file upload vulnerability (CNVD-2022-30432)
zbzcms station helper CMS is a content management website of China station helper CMS zbzcms company. zbzcms version 1.0 has an arbitrary file upload vulnerability, which can be exploited by attackers to execute arbitrary code via specially crafted PHP files...
AeroCMS 代码问题漏洞
AeroCMS is a content management system from AeroCMS, Inc. AeroCMS v0.0.1 is vulnerable to arbitrary file uploads, which can be exploited by attackers to execute arbitrary code via carefully crafted PHP files...
Cross-site Scripting (XSS)
cacti is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization via the reportsadmin.php, dataqueries.php, datainput.php, graphtemplates.php, graphs.php, reportsadmin.php, and datainput.php...
Cross-Site Scripting (XSS)
Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...
CVE-2022-0499
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones...
taoCMS file upload vulnerability
taoCMS is a file management system. taoCMS is vulnerable to file uploads, which can be exploited by attackers to execute arbitrary code via carefully crafted PHP files...
GHSA-3FVF-2GP4-89WQ Possibility for Denial of Service by overwriting PHP files with language exports
Impact Laravel Translation Manager didn't check the locale name, which allowed directory traversal when exporting files. The content would be a PHP file returning an array of translations, but this could lead to unexpected results, like denial of service. Access to the Laravel Translation Manager...
Possibility for Denial of Service by overwriting PHP files with language exports
Impact Laravel Translation Manager didn't check the locale name, which allowed directory traversal when exporting files. The content would be a PHP file returning an array of translations, but this could lead to unexpected results, like denial of service. Access to the Laravel Translation Manager...
CVE-2021-24216
The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations...
Design/Logic Flaw
The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ v 4.0.1 or Admin+ v 4.0.2 users to display arbitrary files from the filesystem such as logs, .htaccess etc, as well as perform Local File Inclusion...