10 matches found
CVE-2026-22206 SPIP < 4.4.10 SQL Injection RCE via Union & PHP Tags
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...
CVE-2026-22206
SPIP
EUVD-2010-4692
Malware in sbrugna...
Unikrn: Urgent: Server side template injection via Smarty template allows for RCE
Hi All, I've found an issue which has allowed me to execute file_get_contents and extract your /etc/passwd file. Description: It appears as though you are using Smarty on the backend for templating. Entering a malicious payload as my firstname, lastname and nickname and then inviting a user to join...
phpwcms 1.7.9 Code Execution
Security Advisory - Curesec Research Team. 1. Introduction. Affected Product: phpwcms 1.7.9. Fixed in: 1.8.0 RC1. Fixed Version Link: https://github.com/slackero/phpwcms/archive/phpwcms-1.8.0-RC1.zip. Vendor Website: http://www.phpwcms.de/. Vulnerability Type: Code Execution. Remote Exploitable: Yes...
CVE-2010-4727
Smarty before 3.0.0 beta 7 does not properly handle the tags, which has unspecified impact and remote attack vectors...
DEBIAN-CVE-2010-4727
Smarty before 3.0.0 beta 7 does not properly handle the tags, which has unspecified impact and remote attack vectors...
CVE-2010-4727
Smarty before 3.0.0 beta 7 does not properly handle the tags, which has unspecified impact and remote attack vectors...
Design/Logic Flaw
Smarty before 3.0.0 beta 7 does not properly handle the tags, which has unspecified impact and remote attack vectors...
CVE-2010-4727
Smarty before 3.0.0 beta 7 does not properly handle the tags, which has unspecified impact and remote attack vectors...