37 matches found

CNVD
added 2022/09/30 12:0 a.m. | 28 views

Sensio Labs Twig Path Traversal Vulnerability

Sensio Labs Twig is a PHP templating engine from Sensio Labs, France, which supports custom tags and filters and creates DSLs. A path traversal vulnerability exists in Sensio Labs Twig 1.0.0 and later, versions prior to 1.44.7, 2.0.0 and later, versions prior to 2.15.3, and 3.0.0 and later,...

CVSS 7.5 | AI score 7.4 | EPSS 0.01488
Exploits: 0 | References: 1

Fedora
added 2022/02/13 1:16 a.m. | 23 views

[SECURITY] Fedora 35 Update: php-twig3-3.3.8-1.fc35

The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...

CVSS 9.8 | AI score 3.2 | EPSS 0.08209
Exploits: 3

Prion
added 2022/01/04 8:15 p.m. | 16 views

Design/Logic Flaw

Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template sandbox and in affected versions it has been found that a sandbox escape exists allowing for injection into web pages generated from Latte. This may lead to XSS attacks. The issue is fixed in the...

CVSS 4.3 | AI score 6 | EPSS 0.00817
Exploits: 0 | References: 2 | Affected Software: 1

Tenable Nessus
added 2021/04/06 12:0 a.m. | 36 views

Debian DLA-2618-3 : smarty3 regression update

The security update of smarty3, the compiling PHP template engine, issued as DLA 2618-1 introduced a regression in the smartysecurity class when secure directories are evaluated. Updated smarty3 packages are now available to correct this issue. For Debian 9 stretch, this problem has been fixed in...

CVSS 7.5 | AI score 6.3 | EPSS 0.03463
Exploits: 1 | References: 4

NVD
added 2020/05/29 4:15 p.m. | 20 views

CVE-2020-12675

The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for...

CVSS 8.8 | AI score 9.1 | EPSS 0.02842
Exploits: 0 | References: 2

Prion
added 2020/05/29 4:15 p.m. | 19 views

Design/Logic Flaw

The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for...

CVSS 6.5 | AI score 9 | EPSS 0.05606
Exploits: 3 | References: 2 | Affected Software: 1

Metasploit
added 2020/04/03 2:21 p.m. | 66 views

PlaySMS index.php Unauthenticated Template Injection Code Execution

This module exploits a preauth Server-Side Template Injection vulnerability that leads to remote code execution in PlaySMS before version 1.4.3. This issue is caused by double processing a server-side template with a custom PHP template system called 'TPL' which is used in the PlaySMS template...

CVSS 9.8 | AI score 10 | EPSS 0.86689
Exploits: 6

OpenVAS
added 2019/05/07 12:0 a.m. | 55 views

Fedora Update for php-twig2 FEDORA-2019-a9a37fed18

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 | References: 2

Fedora
added 2019/03/23 2:58 a.m. | 23 views

[SECURITY] Fedora 29 Update: php-twig-1.38.2-2.fc29

The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...

AI score 3.2
Exploits: 0

Fedora
added 2019/03/23 2:25 a.m. | 19 views

[SECURITY] Fedora 28 Update: php-twig2-2.7.2-1.fc28

The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...

AI score 3.2
Exploits: 0

0day.today
added 2018/08/07 12:0 a.m. | 62 views

OCS Inventory NG Webconsole Shell Upload Vulnerability

OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. Title Unrestricted File Upload RCE in OCS Inventory NG Webconsole before 2.5 Reserved CVE...

AI score 0.7 | EPSS 0.0369
Exploits: 2

OSV
added 2018/08/06 9:29 p.m. | 4 views

CVE-2018-14869

PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile...

CVSS 5.4 | AI score 5.8 | EPSS 0.01604
Exploits: 5 | References: 2

Exploit DB
added 2018/08/03 12:0 a.m. | 40 views

PHP Template Store Script 3.0.6 - Cross-Site Scripting

Exploit Title: PHP Template Store Script- 3.0.6 - Stored XSS via Address, Bank Name, and A/c Holder Name Date: 02.08.2018 Site Title: Exclusive Scripts Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/ Category: Web Application Version: 3.0.6 Exploit...

CVSS 5.4 | AI score 5.5 | EPSS 0.01604
Exploits: 5

0day.today
added 2017/03/24 12:0 a.m. | 32 views

onArcade 2.4.x Local File Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: onArcade 2.4.x Local File Get Contents Vulnerability Google Dork: inurl:"cup.php?a=all" Date: 23 Mar 2017 Exploit Author: Deyaa Muhammad Author Mail: contact at deyaa.me Exploit Blog:...

AI score 7.1
Exploits: 0

Fedora
added 2015/08/27 6:33 p.m. | 14 views

[SECURITY] Fedora 22 Update: php-twig-1.20.0-1.fc22

The flexible, fast, and secure template engine for PHP. Fast: Twig compiles templates down to plain optimized PHP code. The overhead compared to regular PHP code was reduced to the very minimum. Secure: Twig has a sandbox mode to evaluate untrusted template code. This allows Twig to be used as a...

AI score 3.1
Exploits: 0

myhack58
added 2012/10/25 12:0 a.m. | 13 views

PHPCMS latest vulnerability: arbitrary file upload allows direct shell upload from the backend

Author: y0u, By law the guest Forum. Today, while doing PHPCMS enterprise's basic template, I stumbled upon a PHPCMS direct arbitrary file upload vulnerability. Click on the module: business template management, add corporate template. Then add a ZIP compression package. ZIP archive inside a PHP Trojan,...

AI score 7.5
Exploits: 0

Positive Technologies
added 2007/02/27 12:0 a.m. | 5 views

PT-2007-2553 · Xt:Commerce · Xt:Commerce

Name of the Vulnerable Software and Affected Versions: xtcommerce (affected versions not specified). Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter of the index.php file. This enables access to sensitive information. Recommendations:...

CVSS 5 | AI score 6.2 | EPSS 0.05467
Exploits: 0 | References: 11