37 matches found
Sensio Labs Twig Path Traversal Vulnerability
Sensio Labs Twig is a PHP templating engine from Sensio Labs, France, which supports custom tags and filters and creates DSLs. A path traversal vulnerability exists in Sensio Labs Twig 1.0.0 and later, versions prior to 1.44.7, 2.0.0 and later, versions prior to 2.15.3, and 3.0.0 and later,...
[SECURITY] Fedora 35 Update: php-twig3-3.3.8-1.fc35
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
Design/Logic Flaw
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...
Debian DLA-2618-3 : smarty3 regression update
The security update of smarty3, the compiling PHP template engine, issued as DLA 2618-1 introduced a regression in the smartysecurity class when secure directories are evaluated. Updated smarty3 packages are now available to correct this issue. For Debian 9 stretch, this problem has been fixed in...
CVE-2020-12675
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for...
Design/Logic Flaw
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for...
PlaySMS index.php Unauthenticated Template Injection Code Execution
This module exploits a preauth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 1.4.3. This issue is caused by double processing a server-side template with a custom PHP template system called 'TPL' which is used in the PlaySMS template...
Fedora Update for php-twig2 FEDORA-2019-a9a37fed18
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 29 Update: php-twig-1.38.2-2.fc29
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
[SECURITY] Fedora 28 Update: php-twig2-2.7.2-1.fc28
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
OCS Inventory NG Webconsole Shell Upload Vulnerability
OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. Title Unrestricted File Upload RCE in OCS Inventory NG Webconsole before 2.5 Reserved CVE...
CVE-2018-14869
PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile...
PHP Template Store Script 3.0.6 - Cross-Site Scripting
Exploit Title: PHP Template Store Script- 3.0.6 - Stored XSS via Addres ,Bank Name,and A/c Holder Name Date: 02.08.2018 Site Titel : Exclusive Scripts Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/ Category: Web Application Version: 3.0.6 Exploit...
onArcade 2.4.x Local File Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: onArcade 2.4.x Local File Get Contents Vulnerability Google Dork: inurl:"cup.php?a=all" Date: 23 Mar 2017 Exploit Author: Deyaa Muhammad Author Mail: contact at deyaa.me Exploit Blog:...
[SECURITY] Fedora 22 Update: php-twig-1.20.0-1.fc22
The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...
phpcms latest vulnerability that! Background direct upload SHELL vulnerability to upload arbitrary files-the vulnerability warning-the black bar safety net
Author: y0u By law the guest Forum Today doing PHPCMS enterprise's basic template, stumbled upon the PHPCMS a direct upload arbitrary file vulnerability. Click on the module business template Management Add corporate template. Then add a ZIP compression package. ZIP archive inside a PHP Trojan,...
PT-2007-2553 · Xt:Commerce · Xt:Commerce
Name of the Vulnerable Software and Affected Versions: xtcommerce affected versions not specified Description: The issue allows remote attackers to read arbitrary files via a .. dot dot in the template parameter of the index.php file. This enables access to sensitive information. Recommendations:...