CVE-2020-8865

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition 5.2.22. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process doe...

GHSA-G9RQ-X4FJ-F5HX Remote Code Execution Through Image Uploads in BookStack

Impact A user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area o...

Remote Code Execution (RCE)

ssddanbrown/bookstack is vulnerable to remote code execution RCE. The attack exists because it allows untrusted users to upload PHP files to any area of applications by using image upload function and to execute the malicious PHP code on host system with PHP process permissions...

Horde Groupware Webmail Edition edit Page Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute local PHP files on affected installations of Horde Groupware Webmail Edition. Authentication is required to exploit this vulnerability. The specific flaw exists within edit.php. When parsing the paramstemplate parameter, the process does not...

PT-2020-20336 · Horde · Horde Groupware Webmail Edition

Name of the Vulnerable Software and Affected Versions: Horde Groupware Webmail Edition version 5.2.22 Description: This issue allows remote attackers to execute local PHP files on affected installations. Authentication is required to exploit this issue. The specific flaw exists within the edit.ph...

CVE-2020-5256

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users...

CVE-2020-5256 Remote Code Execution Through Image Uploads in BookStack

BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users...

CVE-2020-10225

An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution...

CVE-2020-10225

An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution...

CVE-2019-19989

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization...

CVE-2015-5483

Multiple cross-site request forgery CSRF vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 add users, 2 delete posts, or 3 modify PHP files via unspecified vectors, or 4 conduct cross-site...

CVE-2015-5483

Multiple cross-site request forgery CSRF vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 add users, 2 delete posts, or 3 modify PHP files via unspecified vectors, or 4 conduct cross-site...

CVE-2019-20385

The CSV upload feature in /supervisor/procesacarga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/ content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI...

Unrestricted File Upload

verot/class.upload.php allows unrestricted file upload. The lack of file extension validation on file uploads allow a remote attacker to upload malicious files ending with .phar. When browsing to the uploaded file, the server executes the code in the file in the context of the server...

CVE-2020-7106

Cacti 1.2.8 has stored XSS in datasources.php, colortemplatesitem.php, graphs.php, graphitems.php, lib/apiautomation.php, useradmin.php, and usergroupadmin.php, as demonstrated by the description parameter in datasources.php a raw string from the database that is displayed by $header to trigger t...

CVE-2015-5951

A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands...

Unrestricted file upload

A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands...

CVE-2015-5951

A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web root and execute system commands...

Unrestricted file uploads in Contao

Impact A back end user with access to the form generator can upload arbitrary files and execute them on the server. Patches Update to Contao 4.4.46 or 4.8.6. Workarounds Configure your web server so it does not execute PHP files and other scripts in the Contao file upload directory. References...

TitanHQ WebTitan has an unspecified vulnerability (CNVD-2019-44522)

TitanHQ WebTitan is a web content filter from TitanHQ Ireland. A security vulnerability exists in TitanHQ WebTitan versions prior to 5.18. The vulnerability can be exploited by an attacker to execute arbitrary code by overwriting an existing file or adding a new PHP file to the web root directory...