737 matches found

Veracode · added 2022/02/14 8:02 a.m. · 16 views

OS Command Injection

Microweber is vulnerable to OS command injection. The vulnerability exists due to a default fall-through in a switch case for PHP versions 6 to 12, allowing an attacker to inject a maliciously crafted command via the plupload function...

CVSS 7.2 · AI score 5 · EPSS 0.51193
Exploits 4 · References 5 · Affected Software 1
Packet Storm · added 2022/02/04 12:00 a.m. · 321 views

WBCE CMS 1.5.2 Remote Code Execution

Exploit Title: WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated) Date: 02/01/2022 Exploit Author: Antonio Cuomo (arkantolo) Vendor Homepage: https://wbce.org/ Software Link: https://wbce.org/de/downloads/ Version: 1.5.2 Tested on: Linux - PHP Version: 8.0.14 Github repo:...

AI score 7.4
Exploits 0
Mageia · added 2022/01/25 12:13 p.m. · 32 views

Updated phpmyadmin packages fix security vulnerability

A flaw was identified in how phpMyAdmin processes two-factor authentication; a user could potentially manipulate their account to bypass two-factor authentication in subsequent authentication sessions (PMASA-2022-1). A series of weaknesses was identified allowing a malicious user to submit maliciou...

CVSS 6.1 · AI score 0.6 · EPSS 0.07965
Exploits 2 · References 2
Tenable Nessus · added 2021/11/18 12:00 a.m. · 3094 views

PHP 7.3.x < 7.3.33

The version of PHP installed on the remote host is prior to 7.3.33. It is, therefore, affected by a vulnerability as referenced in the Version 7.3.33 advisory. - In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file,...

CVSS 5.3 · AI score 7.2 · EPSS 0.25951
Exploits 1 · References 3
Tenable Nessus · added 2021/10/27 12:00 a.m. · 29 views

PHP 8.0.x < 8.0.12 Privilege Escalation

According to its self-reported version number, the version of PHP running on the remote web server is 7.3.x prior to 7.3.32, 7.4.x prior to 7.4.25 or 8.0.x prior to 8.0.12. It is, therefore, affected by a privilege escalation vulnerability. The root FPM process can be forced to read/write at...

CVSS 7.8 · AI score 7.8 · EPSS 0.01337
Exploits 1 · References 2
NVD · added 2021/10/04 4:15 a.m. · 17 views

CVE-2021-21705

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via the filter_var function with the FILTER_VALIDATE_URL parameter, a URL with an invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and...

CVSS 5.3 · EPSS 0.01999
Exploits 1 · References 4
UbuntuCve · added 2021/10/04 4:15 a.m. · 34 views

CVE-2021-21706

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in a Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside the target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

CVSS 6.5 · AI score 6.7 · EPSS 0.01342
Exploits 0 · References 2
WPVulnDB · added 2021/09/01 12:00 a.m. · 71 views

Gutenberg Template Library & Redux Framework < 4.2.13 - Unauthenticated Sensitive Information Disclosure

Some AJAX actions of the plugin, available to unauthenticated users and used for support features, could allow attackers to obtain potentially sensitive information such as the PHP version, active plugins along with their versions, as well as the unsalted MD5 hashes of the site's AUTH_KEY and...

CVSS 5.3 · AI score 2.7 · EPSS 0.2756
Exploits 6 · References 1 · Affected Software 1
Tenable Nessus · added 2021/08/26 12:00 a.m. · 569 views

PHP < 7.3.28 Email Header Injection

According to its self-reported version number, the version of PHP running on the remote web server is prior to 7.3.28. It is, therefore, affected by an email header injection vulnerability, due to a failure to properly handle CR-LF sequences in header fields. An unauthenticated, remote attacker ca...

AI score 5.8
Exploits 0 · References 1
OSV · added 2021/07/30 2:15 p.m. · 2 views

CVE-2020-20698

A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to get a shell via modification of a PHP file...

CVSS 7.2 · AI score 6.3
Exploits 0 · References 1
CNVD · added 2021/07/28 12:00 a.m. · 21 views

S-CMS Remote Code Execution Vulnerability (CNVD-2021-94956)

S-CMS is a product developed by Zibo Shining Network Technology Co., Ltd. that provides solutions for building enterprise websites. A remote code execution vulnerability exists in /1.com.php in the PHP version of S-CMS 3.0. An attacker can exploit the vulnerability by modifying PHP files to get ...

CVSS 7.2 · AI score 5 · EPSS 0.0195
Exploits 1 · References 1
Exploit DB · added 2021/07/27 12:00 a.m. · 881 views

PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection

Exploit Title: PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection Date: 26/7/2021 Exploit Author: SiLvER | Faisal Alhadlaq Tested on: PHP Version is 7.3.15-3 This PoC will abuse PHP_SESSION_UPLOAD_PROGRESS, then will trigger a race condition to get remote code execution; the script will...

AI score 7.4
Exploits 0
Tenable Nessus · added 2021/07/07 12:00 a.m. · 59 views

PHP 7.3.x < 7.3.29 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.29, 7.4.x prior to 7.4.21, or 8.x prior to 8.0.8. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery (SSRF) bypass in FILTER_VALIDATE_URL...

CVSS 5.9 · AI score 6.3 · EPSS 0.01999
Exploits 2 · References 3
Tenable Nessus · added 2021/07/07 12:00 a.m. · 27 views

PHP 8.x < 8.0.8 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.3.x prior to 7.3.29, 7.4.x prior to 7.4.21, or 8.x prior to 8.0.8. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery (SSRF) bypass in FILTER_VALIDATE_URL...

CVSS 5.9 · AI score 6.3 · EPSS 0.01999
Exploits 2 · References 3
UbuntuCve · added 2021/07/02 12:00 a.m. · 32 views

CVE-2021-21704

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using the Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others, by returning invalid response data that is not...

CVSS 5.9 · AI score 6.8 · EPSS 0.0173
Exploits 1 · References 3
OSV · added 2021/06/22 3:15 p.m. · 4 views

CVE-2020-22164

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\checkavailability.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information...

CVSS 7.5 · AI score 5.8 · EPSS 0.02188
Exploits 1 · References 1
CNVD · added 2021/05/25 12:00 a.m. · 15 views

Projectsworlds College Management System SQL Injection Vulnerability

Projectsworlds College Management System is a college management system. Projectsworlds College Management System PHP version 1.0 is vulnerable to SQL injection, which can be exploited by attackers to execute SQL statements and obtain sensitive database information...

CVSS 9.8 · AI score 5.6 · EPSS 0.01605
Exploits 0 · References 1
0day.today · added 2021/05/07 12:00 a.m. · 16 views

Voting System 1.0 - Authentication Bypass Vulnerability

Exploit Title: Voting System 1.0 - Authentication Bypass (SQLi) Exploit Author: secure77 Vendor Homepage: https://www.sourcecodester.com/php/12306/voting-system-using-php.html Software Link: https://www.sourcecodester.com/download-code?nid=12306&title=Voting+System+using+PHP%2FMySQLi+with+Source+Co...

AI score 0.4
Exploits 0
Exploit DB · added 2021/03/26 12:00 a.m. · 731 views

'customhs_js_content' Cross-Site Request Forgery

Exploit Title: GetSimple CMS Custom JS Plugin 0.1 - 'customhs_js_content' Cross-Site Request Forgery Exploit Author: Abhishek Joshi Date: March 25, 2021 Vendor Homepage: http://get-simple.info/extend/plugin/custom-js/1267 / http://get-simple.info/download Software Link:...

AI score 7.4
Exploits 0
CNVD · added 2021/03/25 12:00 a.m. · 4 views

SQL Injection Vulnerability in SongCMS PHP Version of Guangdong Kegel Technology Co.

SongCMS is a free, open-source, enterprise-oriented, multi-language CMS built on PHP/MySQL and ASP/Access or SQL Server, intended to help business users quickly build and deploy enterprise-level portals. A SQL injection vulnerability exists in the PHP version of SongCMS by Guangdong Kager...

AI score 7.5
Exploits 0