Lucene search
K

406 matches found

RedhatCVE
RedhatCVE
added 2025/07/03 3:22 p.m.22 views

CVE-2025-34060

A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to filegetcontents without validation. MIME type checks using...

10CVSS8AI score0.00689EPSS
Exploits0References1
NVD
NVD
added 2025/07/01 3:15 p.m.6 views

CVE-2025-34060

A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to filegetcontents without validation. MIME type checks using...

10CVSS0.00689EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/06/01 6:35 a.m.12 views

CVE-2025-48492

GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution RCE. This issue is set to ...

8.8CVSS7.6AI score0.00764EPSS
Exploits1References1
NVD
NVD
added 2025/05/30 7:15 a.m.15 views

CVE-2025-48492

GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution RCE. This issue is set to ...

8.8CVSS0.00764EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/30 6:13 a.m.9 views

CVE-2025-48492 GetSimple CMS RCE in Edit component

GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution RCE. This issue is set to ...

8.6CVSS7.2AI score0.00764EPSS
Exploits1References1
CVE
CVE
added 2025/05/30 6:13 a.m.72 views

CVE-2025-48492

GetSimple CMS is affected in versions 3.3.16–3.3.21. An authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution (RCE). The issue is mitigated by upgrading to version 3.3.22, w...

8.8CVSS7.2AI score0.00764EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/05/30 6:13 a.m.6 views

CVE-2025-48492 GetSimple CMS RCE in Edit component

GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into a component file and execute it via a crafted query string, resulting in Remote Code Execution RCE. This issue is set to ...

8.6CVSS7.3AI score0.00764EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:24 a.m.6 views

CVE-2024-36679

In the module "Module Live Chat Pro All in One Messaging" livechatpro =8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations suffer of a white writer that can inject PHP code into a PHP file...

10CVSS6AI score0.00606EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:8 a.m.7 views

CVE-2024-21519

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename including...

7.2CVSS7AI score0.00719EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:28 a.m.10 views

CVE-2023-50029

PHP Injection vulnerability in the module "M4 PDF Extensions" m4pdf up to version 3.3.2 from PrestaAddons for PrestaShop allows attackers to run arbitrary code via the M4PDF::saveTemplate method...

10CVSS7.8AI score0.00792EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:2 a.m.6 views

CVE-2023-36992

PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code...

7.2CVSS7.7AI score0.00978EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 11:16 p.m.8 views

CVE-2022-36262

An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php...

9.8CVSS7.3AI score0.01481EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:43 p.m.8 views

CVE-2022-28960

A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the oups parameter at /ecrire...

8.8CVSS7.8AI score0.01821EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:23 p.m.8 views

CVE-2021-24280

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the importfromdebug AJAX action to inject PHP objects...

8.8CVSS6.6AI score0.01967EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:30 a.m.7 views

CVE-2019-17301

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the ModuleBuilder module by an Admin user...

7.2CVSS7.5AI score0.01353EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/05/01 3:47 p.m.56 views

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dashboard, and execut...

7.7AI score
Exploits0
Patchstack
Patchstack
added 2025/03/13 1:49 a.m.9 views

WordPress All in One WP Migration plugin <= 7.89 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Webbernaut in WordPress Plugin All-in-One WP Migration versions = 7.89...

7.5CVSS9.2AI score0.00521EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2025/03/05 12:0 a.m.275 views

Wazuh 4.4.0 Remote Code Execution

Wazuh version 4.4.0 proof of concept remote code execution exploit with a reverse shell. ============================================================================================================================================= | Title : Wazuh v4.4.0 PHP Code Injection Vulnerability | | Author...

9.9CVSS8.3AI score0.92579EPSS
Exploits10
Ubuntu
Ubuntu
added 2025/03/04 12:21 a.m.17 views

USN-7318-1: SPIP vulnerabilities

It was discovered that svg-sanitizer, vendored in SPIP, did not properly sanitize SVG/XML content. An attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 24.10. CVE-2022-23638 It was discovered that SPIP did not properly sanitize certain inputs....

9.8CVSS7.2AI score0.99637EPSS
Exploits35
OSV
OSV
added 2025/03/04 12:21 a.m.5 views

USN-7318-1 spip vulnerabilities

It was discovered that svg-sanitizer, vendored in SPIP, did not properly sanitize SVG/XML content. An attacker could possibly use this issue to perform cross site scripting. This issue only affected Ubuntu 24.10. CVE-2022-23638 It was discovered that SPIP did not properly sanitize certain inputs....

9.8CVSS7AI score0.99637EPSS
Exploits35References9
Rows per page
Query Builder