Lucene search

1408 matches found

RedhatCVE
added 2025/05/22 5:42 p.m. · 5 views

CVE-2020-5577

Movable Type series Movable Type 7 r.4606 7.2.1 and earlier Movable Type 7, Movable Type Advanced 7 r.4606 7.2.1 and earlier Movable Type Advanced 7, Movable Type for AWS 7 r.4606 7.2.1 and earlier Movable Type for AWS 7, Movable Type 6.5.3 and earlier Movable Type 6.5, Movable Type Advanced 6.5....

8.8 CVSS · 7 AI score · 0.00851 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 4:43 p.m. · 7 views

CVE-2020-5844

index.php?sec=godmode/extensions&sec2=extensions/filesrepo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742FIXPERL2020...

7.2 CVSS · 6.9 AI score · 0.73792 EPSS
Exploits 6 · References 1
RedhatCVE
added 2025/05/22 9:47 a.m. · 7 views

CVE-2011-4046

The Dell KACE K2000 System Deployment Appliance stores the recovery account password in cleartext within a PHP script, which allows context-dependent attackers to obtain sensitive information by examining script source code...

5 CVSS · 6.5 AI score · 0.00294 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 9:15 a.m. · 6 views

CVE-2019-13464

An issue was discovered in OWASP ModSecurity Core Rule Set CRS 3.0.2. Use of X.Filename instead of X_Filename can bypass some PHP Script Uploads rules, because PHP automatically transforms dots into underscores in certain contexts where dots are invalid...

7.5 CVSS · 7 AI score · 0.00237 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 6:10 a.m. · 3 views

CVE-2013-4796

ReviewBoard 1.6.17 allows code execution by attaching PHP scripts to review request...

8.8 CVSS · 7.6 AI score · 0.00598 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 5:54 a.m. · 2 views

CVE-2013-5931

SQL injection vulnerability in propertylistingsdetail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter...

7.5 CVSS · 9.2 AI score · 0.00466 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 1:50 a.m. · 6 views

CVE-2017-17951

PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter...

9.8 CVSS · 8.4 AI score · 0.0025 EPSS
Exploits 1 · References 1
Positive Technologies
added 2025/05/22 12:00 a.m. · 3 views

PT-2025-22520 · Unknown · Nexus Series +2

Name of the Vulnerable Software and Affected Versions: ASPECT-Enterprise versions through 3.08.03; NEXUS Series versions through 3.08.03; MATRIX Series versions through 3.08.03. Description: The issue allows PHP script injection if session administrator credentials become compromised. This is relate...

6.7 CVSS · 7.1 AI score · 0.00264 EPSS
Exploits 0 · References 3
CNNVD
added 2025/05/22 12:00 a.m. · 2 views

ABB Multiple Products Code Issue Vulnerability

ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...

6.7 CVSS · 7.1 AI score · 0.00264 EPSS
Exploits 0 · References 1
Packet Storm
added 2025/05/14 12:00 a.m. · 78 views

Car Rental System 1.0 Shell Upload

This Metasploit module exploits an authenticated remote code execution vulnerability in the Online Car Rental System 1.0 via the changeimage1.php endpoint. An authenticated attacker can upload malicious PHP scripts without proper validation, enabling arbitrary code execution on the server. This...

6.5 CVSS · 9 AI score · 0.51625 EPSS
Exploits 3
OSV
added 2025/05/13 6:30 p.m. · 2 views

GHSA-GV5R-9GXR-V74W Bootstrap Multiselect Vulnerable to CSRF and Reflective XSS via Arbitrary POST Data

An issue was discovered in post.php in bootstrap-multiselect aka Bootstrap Multiselect 1.1.2. A PHP script in the source code echoes arbitrary POST data. If a developer adopts this structure wholesale in a live application, it could create a Reflective Cross-Site Scripting XSS vulnerability...

6.1 CVSS · 6.1 AI score · 0.01436 EPSS
Exploits 0 · References 7
OSV
added 2025/05/13 3:20 p.m. · 4 views

CVE-2025-30207 Kirby vulnerable to path traversal in the router for PHP's built-in server

Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or...

2.3 CVSS · 6.5 AI score · 0.00593 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/04/21 12:00 a.m. · 9 views

PT-2025-28 · 1C-Bitrix LLC · Iblock Module

A vulnerability in the iblock module of the 1C-Bitrix: Site Management content management system (CMS) is related to improper control of code generation. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code by injecting it into an arbitrary PHP script,...

9 CVSS · 7.3 AI score
Exploits 0 · References 2
Exploit DB
added 2025/04/15 12:00 a.m. · 269 views

ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS)

ABB Cylon Aspect 3.08.02 escDevicesUpdate.php Off-by-One Config Write DoS Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.02 Summary: ASPECT is an award-winning scalable building energy...

7.7 CVSS · 7 AI score · 0.08272 EPSS
Exploits 3
Packet Storm
added 2025/03/14 12:00 a.m. · 312 views

GE Proficy Cimplicity 7.5 Directory Traversal

GE Proficy Cimplicity version 7.5 proof of concept directory traversal vulnerability that takes advantage of a flaw discovered in 2013. Title: GE Profic...

4.3 CVSS · 6.9 AI score · 0.09536 EPSS
Exploits 3
Packet Storm
added 2025/03/13 12:00 a.m. · 266 views

Dotclear 2.29 Shell Upload

Dotclear version 2.29 proof of concept remote shell upload exploit that leverages a previously discovered vulnerability from 2024. Title: Dotclear 2.29...

7.5 AI score
Exploits 0
Packet Storm
added 2025/03/07 12:00 a.m. · 858 views

Zontal Arcade HTML 5 Game Portal PHP Script SQL Injection

Zontal Arcade HTML 5 Game Portal PHP Script suffers from a remote SQL injection vulnerability. This software does not list a version but was reported as of March 05, 2025 to be vulnerable. Exploit Title: Zontal Arcade HTML 5 Game Portal PHP Script - SQL Injection Date: 05-03-2025 Exploit Author:...

8.2 AI score
Exploits 0
Tenable Nessus
added 2025/03/04 12:00 a.m. · 18 views

Linux Distros Unpatched Vulnerability : CVE-2012-1823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly handle query strings that lack a...

9.8 CVSS · 7.8 AI score · 0.94363 EPSS
Exploits 41 · References 2
Packet Storm
added 2025/02/28 12:00 a.m. · 606 views

js2py 0.74 Code Execution

js2py version 0.74 suffers from a code execution vulnerability. Title: js2py versions 0.74 Code Injection Vulnerability. Author: indoushka. Teste...

7.9 AI score
Exploits 0
CNVD
added 2025/02/28 12:00 a.m. · 5 views

Mautic Arbitrary File Upload Vulnerability

Mautic is an open source marketing automation application. An arbitrary file upload vulnerability exists in Mautic versions prior to 5.2.3, which stems from insufficient validation of uploaded file extensions and improper handling of file paths. An attacker can exploit this vulnerability to uploa...

9.9 CVSS · 7.3 AI score · 0.01106 EPSS
Exploits 0 · References 1