33 matches found
EUVD-2013-7223
Malware in sbrugna...
EUVD-2020-29307
Malware in sbrugna...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx
CVE-2025-57819 FreePBX Pre-Auth RCE FreePBX Pre-Auth RCE 1day...
CVE-2025-52207
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory...
CVE-2025-52207
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory...
CVE-2025-52207
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory...
CVE-2025-52207
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory...
CVE-2020-5844
index.php?sec=godmode/extensions&sec2;=extensions/filesrepo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742FIXPERL2020...
CVE-2019-13464
An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...
Mautic Arbitrary File Upload Vulnerability
Mautic is an open source marketing automation application. An arbitrary file upload vulnerability exists in Mautic versions prior to 5.2.3, which stems from insufficient validation of uploaded file extensions and improper handling of file paths. An attacker can exploit this vulnerability to uploa...
CVE-2025-21624
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...
CVE-2025-21624
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...
CVE-2025-21624
CVE-2025-21624 affects ClipBucket V5 prior to 5.5.1-239. The issue is an improper validation in the Manage Playlist file upload that allows uploading a PHP script instead of an image, enabling remote code execution (webshell) in both admin and user areas. The vulnerability is fixed in version 5.5...
CVE-2024-47946
The CVE-2024-47946 issue affects Image Access Scan2Net software. Descriptions across sources state that remote code execution is possible when an attacker with a valid Poweruser session uploads specially crafted valid PNG files containing injected PHP content as desktop backgrounds or lock screen...
PT-2024-34560 · Unknown · Anuj Kumar'S Boat Booking System
Name of the Vulnerable Software and Affected Versions: Anuj Kumar's Boat Booking System version 1.0 Description: The issue allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter in the change-image.php file. This enables attackers to potentially execute...
D-Link DAR-7000-40 Command Execution Vulnerability
The D-Link DAR-7000-40 is an Internet Behavior Audit Gateway from China AUO D-Link. The D-Link DAR-7000-40 suffers from a command execution vulnerability, which is caused by incorrect validation of file extensions in the interface/sysmanage/license authorization.php script. An attacker can exploi...
Remote code execution
controllers/pageapply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume...
AZL-44598 CVE-2019-13464 affecting package mod_security_crs 3.0.0-11
An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...
DEBIAN-CVE-2019-13464
An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of XFilename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...
CVE-2019-12744
SeedDMS prior to 5.1.11 is affected by CVE-2019-12744 due to an unvalidated file upload of PHP scripts, enabling Remote Command Execution over the network. The root cause is the upload of PHP-backdoor-like content into documents, allowing execution of arbitrary commands on the server when the upl...