Lucene search
K

863 matches found

Github Security Blog
Github Security Blog
added 2022/05/13 1:42 a.m.43 views

Contao Core directory traversal vulnerability

A logged in back end user can include arbitrary PHP files by manipulating an URL parameter. Since Contao does not allow to upload PHP files in the file manager, the attack is limited to the existing PHP files on the server...

8.8CVSS7AI score0.01962EPSS
Exploits0References7Affected Software3
CNVD
CNVD
added 2022/05/13 12:0 a.m.25 views

Wedding Management System Arbitrary File Upload Vulnerability

The Wedding Management System version 1.0 is vulnerable to arbitrary file uploads due to a lack of validation of uploaded files in the Upload Photos module. The vulnerability can be exploited by attackers to execute arbitrary code via specially crafted PHP files...

7.2CVSS6.1AI score0.01336EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/19 12:0 a.m.29 views

Hubzilla file inclusion vulnerability

Hubzilla is an open source platform for creating interconnected websites with a decentralized identity, communications and permissions framework built using common web server technology.Hubzilla version 7.2 previously contained a security vulnerability that could be exploited by remote attackers ...

7.5CVSS3.1AI score0.01235EPSS
Exploits0References1
NVD
NVD
added 2022/04/15 6:15 p.m.22 views

CVE-2022-27257

A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter...

7.5CVSS0.01235EPSS
Exploits0References2
CNVD
CNVD
added 2022/04/15 12:0 a.m.17 views

RiteCMS arbitrary file upload vulnerability

RiteCMS is a web CMS. RiteCMS 3.1.0 and earlier contain an arbitrary file upload vulnerability that allows an authenticated attacker to upload PHP files and bypass the .htacess configuration to execute .php files in the media and files directories for remote command execution...

9CVSS4.9AI score0.29715EPSS
Exploits1References1
CNVD
CNVD
added 2022/04/15 12:0 a.m.21 views

Social Codia SMS Arbitrary File Upload Vulnerability

Social Codia SMS is an inventory management system from Social Codia India. v1.0 of Social Codia SMS is vulnerable to arbitrary file uploads, which can be exploited by attackers to execute arbitrary code via crafted PHP files...

7.2CVSS6.1AI score0.02436EPSS
Exploits3References1
OSV
OSV
added 2022/04/13 2:15 p.m.5 views

CVE-2022-27256

A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter...

6.1CVSS5.9AI score0.01465EPSS
Exploits1References3
NVD
NVD
added 2022/04/13 2:15 p.m.20 views

CVE-2022-27256

A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter...

6.1CVSS0.01465EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/04/13 1:35 p.m.27 views

CVE-2022-27256

A PHP Local File inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter...

6.6AI score0.01465EPSS
Exploits1References3
CNVD
CNVD
added 2022/04/12 12:0 a.m.13 views

zbzcms arbitrary file upload vulnerability

zbzcms station helper CMS is a content management website of China station helper CMS zbzcms company. zbzcms version 1.0 has an arbitrary file upload vulnerability, which can be exploited by attackers to execute arbitrary code via specially crafted PHP files...

9.8CVSS4.9AI score0.01465EPSS
Exploits0References1
CNVD
CNVD
added 2022/04/12 12:0 a.m.25 views

zbzcms arbitrary file upload vulnerability (CNVD-2022-30432)

zbzcms station helper CMS is a content management website of China station helper CMS zbzcms company. zbzcms version 1.0 has an arbitrary file upload vulnerability, which can be exploited by attackers to execute arbitrary code via specially crafted PHP files...

9.8CVSS4.9AI score0.01465EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/04/08 12:0 a.m.5 views

AeroCMS 代码问题漏洞

AeroCMS is a content management system from AeroCMS, Inc. AeroCMS v0.0.1 is vulnerable to arbitrary file uploads, which can be exploited by attackers to execute arbitrary code via carefully crafted PHP files...

7.2CVSS6.1AI score0.02504EPSS
Exploits3References5
Veracode
Veracode
added 2022/03/31 11:5 p.m.24 views

Cross-site Scripting (XSS)

cacti is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization via the reportsadmin.php, dataqueries.php, datainput.php, graphtemplates.php, graphs.php, reportsadmin.php, and datainput.php...

6.1CVSS2.6AI score0.02434EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2022/03/31 7:53 a.m.6 views

Cross-Site Scripting (XSS)

Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...

6.1CVSS5.6AI score0.02139EPSS
Exploits1References14Affected Software1
OSV
OSV
added 2022/03/28 6:15 p.m.5 views

CVE-2022-0499

The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones...

8.8CVSS5.9AI score
Exploits0References1
CNVD
CNVD
added 2022/03/24 12:0 a.m.12 views

taoCMS file upload vulnerability

taoCMS is a file management system. taoCMS is vulnerable to file uploads, which can be exploited by attackers to execute arbitrary code via carefully crafted PHP files...

9.8CVSS5.9AI score0.01615EPSS
Exploits1References1
OSV
OSV
added 2022/03/18 11:17 p.m.13 views

GHSA-3FVF-2GP4-89WQ Possibility for Denial of Service by overwriting PHP files with language exports

Impact Laravel Translation Manager didn't check the locale name, which allowed directory traversal when exporting files. The content would be a PHP file returning an array of translations, but this could lead to unexpected results, like denial of service. Access to the Laravel Translation Manager...

7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/03/18 11:17 p.m.24 views

Possibility for Denial of Service by overwriting PHP files with language exports

Impact Laravel Translation Manager didn't check the locale name, which allowed directory traversal when exporting files. The content would be a PHP file returning an array of translations, but this could lead to unexpected results, like denial of service. Access to the Laravel Translation Manager...

1.4AI score
Exploits0References2Affected Software1
NVD
NVD
added 2022/03/07 9:15 a.m.14 views

CVE-2021-24216

The All-in-One WP Migration WordPress plugin before 7.41 does not validate uploaded files' extension, which allows administrators to upload PHP files on their site, even on multisite installations...

7.2CVSS0.01687EPSS
Exploits2References2
Prion
Prion
added 2022/03/07 9:15 a.m.18 views

Design/Logic Flaw

The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ v 4.0.1 or Admin+ v 4.0.2 users to display arbitrary files from the filesystem such as logs, .htaccess etc, as well as perform Local File Inclusion...

4CVSS4.7AI score0.00435EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder