85 matches found
VulnCheck KEV: CVE-2022-2314
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...
Jedox 2022.4.2 - Code Execution via RPC Interfaces Vulnerability
Exploit Title: Jedox 2022.4.2 - Code Execution via RPC Interfaces Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2022.4 22.4.2 and older CVE : CVE-2022-47879 Introduction ================= A Remote...
Design/Logic Flaw
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows a template to call any global PHP function and thus execute arbitra...
CVE-2023-22731 Improper Control of Generation of Code in Twig rendered views in shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue js. In a Twig environment without the Sandbox extension, it is possible to refer to PHP functions in twig filters like map, filter, sort. This allows a template to call any global PHP function and thus execute arbitra...
ROS-20221222-05
A vulnerability in the compiling Twig template handler exists due to failure to take measures to neutralize the special elements. Exploitation of the vulnerability could allow an attacker acting remotely, affect the confidentiality, integrity and availability of protected information by running...
Unsanitized input returned in response is conducive to XSS exploitation
Description: During the initial installation process it was identified that the "Create user" form that collects user data does not properly sanitize the submitted input and then prints it on the screen inside an error message without any apparent validation, thus allowing the insertion of HTML or...
CVE-2022-2314
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site...
VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call
The plugin lets any user execute arbitrary PHP functions on the site. PoC https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...
WordPress Member Hero plugin code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...
Authorization
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
CVE-2022-0885 Member Hero <= 1.0.9 - Unauthenticated RCE
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...
Member Hero <= 1.0.9 - Unauthenticated RCE
The plugin lacks authorization checks, and does not validate a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. PoC curl https://example.com/wp-admin/admin-ajax.php?action=memberherosendform&memberherohook=phpinfo...
Code injection in Twig
Description When in a sandbox mode, the arrow parameter of the sort filter must be a closure to avoid attackers being able to run arbitrary PHP functions. Resolution We now disallow calling non Closure in the sort filter like we already did for some other filters. Credits We would like to thank...
Remote Code Execution
getgrav/grav is vulnerable to Remote Code Execution. Twig processing does not prevent dangerous PHP functions from being called in Twig templates by default, allowing an attacker to execute arbitrary code to obtain additional privileges...
GHSA-G8R4-P96J-XFXC Grav's Twig processing allowing dangerous PHP functions by default
Impact Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Patches The issue was...
Grav's Twig processing allowing dangerous PHP functions by default
Impact Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Patches The issue was...
CVE-2021-29440 Twig allowing dangerous PHP functions by default
Grav is a file based Web-platform. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the...
Popular ThemeREX WordPress Plugin Opens Websites to RCE
A critical vulnerability in a WordPress plugin known as “ThemeREX Addons” could open the door for remote code execution in tens of thousands of websites. According to Wordfence, the bug has been actively exploited in the wild as a zero-day. The plugin, which is installed on approximately 44,000...
CVE-2020-10257
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trxaddons/v2/get/sclayout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trxaddonsrestgetsclayout with an unsafe sc parameter...
Design/Logic Flaw
The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trxaddons/v2/get/sclayout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trxaddonsrestgetsclayout with an unsafe sc parameter...