406 matches found
CVE-2023-36992
CVE-2023-36992 affects TravianZ 8.3.3 and 8.3.4, where a PHP injection in the admin page’s config editor allows remote code execution. The issue is located in the config editor component in the admin interface and is documented across multiple sources. Remediation guidance found in connected PT-2...
CVE-2023-36992
PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code...
CVE-2023-36992
PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code...
Improper handling of input value leads to Remote Code Execution or Denial of Service
Description Some value in some input field was directly inserted into a file called "tp.config.php", an attacker can inject malicious PHP code to perform a remote code execution attack. Proof of Concept Go to Settings - MFA - Duo Security function, input this payload: ',; phpinfo; ?// on the...
CVE-2022-45291
PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...
Hardcoded credentials
PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...
CVE-2022-45291
PWS Personal Weather Station Dashboard PWSDashboard LTS December 2020 2012lts allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWSprintfile.php, PWSframetext.php, PWSlistfile.php, PWSwinter.php, and PWSeasyweathersetup.php endpoints. A contributing factor ...
Metasploit Weekly Wrap-Up
VMware Workspace ONE Access exploit chain A new module contributed by jheysel-r7 exploits two vulnerabilities in VMware Workspace ONE Access to attain Remote Code Execution as the horizon user. First being CVE-2022-22956, which is an authentication bypass and the second being a JDBC injection in...
SPIP Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP form PHP Injection', 'Description' = %q This module exploits a PHP code injection in SPIP. The vulnerability exists in the oubli parameter a...
CVE-2023-1566
A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has be...
WordPress Google Analyticator Plugin < 6.5.6 Multiple PHP Object Injection Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sumo:googleanalyticator"; if description...
CVE-2023-22952
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...
CVE-2023-22952
In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...
PublishPress Capabilities < 2.5.2 - Admin+ PHP Objection Injection
The plugin unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation in this case requires other plugins with a suitable gadget chain to be present on the site. To simulate a gadge...
Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin class Evil...
Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...
CVE-2021-24890
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a...
SPIP < 3.2.8 PHP Injection Vulnerability
SPIP is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:spip:spip";...
CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the oups parameter at /ecrire...
CVE-2022-28960
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the oups parameter at /ecrire...