1408 matches found

Source: RedhatCVE · added 2025/02/06 2:57 a.m. · 3 views

CVE-2025-21624

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

CVSS 9.8 · AI score 6.5 · EPSS 0.32914
Exploits: 1 · References: 1
Source: RedhatCVE · added 2025/02/05 6:17 p.m. · 4 views

CVE-2017-20128

A vulnerability has been found in KB Messages PHP Script 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack can be launched remotely. The exploit h...

CVSS 9.8 · AI score 7.4 · EPSS 0.00328
Exploits: 1 · References: 1
Source: RedhatCVE · added 2025/02/05 12:36 a.m. · 7 views

CVE-2024-37149

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

CVSS 8.8 · AI score 7 · EPSS 0.08328
Exploits: 0 · References: 1
Source: NVD · added 2025/01/07 4:15 p.m. · 5 views

CVE-2025-21624

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

CVSS 9.8 · EPSS 0.32914
Exploits: 1 · References: 2
Source: OSV · added 2025/01/07 3:46 p.m. · 2 views

CVE-2025-21624 ClipBucket V5 Playlist Cover File Upload to Remote Code Execution

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

CVSS 9.8 · AI score 6.8 · EPSS 0.32914
Exploits: 1 · References: 4
Source: CVE · added 2025/01/07 3:46 p.m. · 53 views

CVE-2025-21624

CVE-2025-21624 affects ClipBucket V5 prior to 5.5.1-239. The issue is an improper validation in the Manage Playlist file upload that allows uploading a PHP script instead of an image, enabling remote code execution (webshell) in both admin and user areas. The vulnerability is fixed in version 5.5...

CVSS 9.8 · AI score 9.3 · EPSS 0.32914
Exploits: 1 · References: 2 · Affected Software: 1
Source: NVD · added 2024/12/10 8:15 a.m. · 11 views

CVE-2024-47946

If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code execut...

CVSS 7.2 · EPSS 0.02173
Exploits: 0 · References: 3
Source: CVE · added 2024/12/10 7:48 a.m. · 52 views

CVE-2024-47946

The CVE-2024-47946 issue affects Image Access Scan2Net software. Descriptions across sources state that remote code execution is possible when an attacker with a valid Poweruser session uploads specially crafted valid PNG files containing injected PHP content as desktop backgrounds or lock screen...

CVSS 7.2 · AI score 7.7 · EPSS 0.02173
Exploits: 0 · References: 3
Source: NVD · added 2024/11/20 3:15 p.m. · 15 views

CVE-2024-51208

File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter...

CVSS 7.2 · EPSS 0.00137
Exploits: 0 · References: 2
Source: Positive Technologies · added 2024/11/20 12:00 a.m. · 2 views

PT-2024-34560 · Unknown · Anuj Kumar's Boat Booking System

Name of the Vulnerable Software and Affected Versions: Anuj Kumar's Boat Booking System version 1.0 Description: The issue allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter in the change-image.php file. This enables attackers to potentially execute...

CVSS 7.2 · AI score 7.2 · EPSS 0.00137
Exploits: 0 · References: 6
Source: CVE · added 2024/11/20 12:00 a.m. · 54 views

CVE-2024-51208

The CVE concerns Anuj Kumar's Boat Booking System v1.0 where the vulnerable component is change-image.php’s Image Upload Mechanism parameter. The issue is a File Upload vulnerability that lets local attackers upload a malicious PHP script, enabling potential code execution on the system. Exploita...

CVSS 7.2 · AI score 6.8 · EPSS 0.00137
Exploits: 0 · References: 2 · Affected Software: 1
Source: Cvelist · added 2024/11/20 12:00 a.m. · 14 views

CVE-2024-51208

File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter...

EPSS 0.00137
Exploits: 0 · References: 2
Source: 0day.today · added 2024/11/06 12:00 a.m. · 323 views

SmartAgent 1.1.0 Remote Code Execution Vulnerability

Exploit Title: SmartAgent v1.1.0 - Unauthenticated Remote Code Execution Exploit Author: Alter Prime Vendor Homepage: https://smarts-srlcom.com/, https://smartagent.com Version: Build v1.1.0 Tested on: Kali Linux An unauthenticated user can access a php script called...

AI score 7.4
Exploits: 0
Source: Zero Science Lab · added 2024/11/05 12:00 a.m. · 326 views

ABB Cylon Aspect 3.08.00 (log(Mix/Yum)Lookup.php) Off-by-One Error in Log Parsing

Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description A vulnerability was identified in a PHP script where an off-by-one...

AI score 5.8
Exploits: 0
Source: Packet Storm · added 2024/11/05 12:00 a.m. · 329 views

ABB Cylon Aspect 3.08.00 Off-By-One

ABB Cylon Aspect 3.08.00 logMix/YumLookup.php Off-by-One Error in Log Parsing Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.00 Summary: ASPECT is an award-winning scalable building energy...

AI score 7.4
Exploits: 0
Source: 0day.today · added 2024/09/11 12:00 a.m. · 463 views

VICIdial 2.14-917a Remote Code Execution Vulnerability

An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective. Title: VICIdial Authenticated Remo...

CVSS 9.8 · AI score 7.9 · EPSS 0.93095
Exploits: 12
Source: Packet Storm · added 2024/07/29 12:00 a.m. · 178 views

QuickJob 6.1 Insecure Settings

Title: quickjob 6.1 Insecure Settings Vulnerability | Author: indoushka | Tested on: Windows 10 FrPro / browser: Mozilla Firefox 125.0.1 64 bits | Vendo...

AI score 7.4
Exploits: 0
Source: OSV · added 2024/07/10 8:15 p.m. · 0 views

UBUNTU-CVE-2024-37149

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

CVSS 8.8 · AI score 5.9 · EPSS 0.08328
Exploits: 0 · References: 3
Source: OSV · added 2024/07/10 7:20 p.m. · 16 views

CVE-2024-37149 GLPI allows remote code execution through the plugin loader

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

CVSS 7.2 · AI score 8.4 · EPSS 0.08328
Exploits: 0 · References: 3
Source: Cvelist · added 2024/07/10 7:20 p.m. · 21 views

CVE-2024-37149 GLPI allows remote code execution through the plugin loader

GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated technician user can upload a malicious PHP script and hijack the plugin loader to execute this malicious script. Upgrade to 10.0.16...

CVSS 7.2 · EPSS 0.08328
Exploits: 0 · References: 1