CVE-2024-36679

In the module "Module Live Chat Pro All in One Messaging" livechatpro =8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations suffer of a white writer that can inject PHP code into a PHP file...

CVE-2024-4620

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form...

UBUNTU-CVE-2024-35226

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...

CVE-2024-35226 PHP Code Injection by malicious attribute in extends-tag in Smarty

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. Al...

Exploit for OS Command Injection in Dolibarr Dolibarr_Erp\/Crm

POC exploit for Dolibarr example: python3 exploit.py http...

CVE-2024-5407

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure...

CVE-2024-5407

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure...

CVE-2024-5407

CVE-2024-5407 affects RhinOS 3.0-1190. A PHP code injection via the search parameter in /portal/search.htm is described, enabling a remote attacker to run a reverse shell and thereby compromise the entire infrastructure. Concrete details from connected sources specify the vulnerable component (Rh...

CVE-2024-5407 Code Injection vulnerability in RhinOS from SaltOS

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure...

CVE-2024-5407 Code Injection vulnerability in RhinOS from SaltOS

A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure...

PT-2024-36021 · Rhinos · Rhinos

Name of the Vulnerable Software and Affected Versions: RhinOS versions 3.0-1190 Description: A vulnerability could allow PHP code injection through the "search" parameter in /portal/search.htm, enabling a remote attacker to perform a reverse shell on the remote system and compromise the entire...

CVE-2023-23645 WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 - Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a through 4.0.2...

PT-2024-2816 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue is related to a cross-site request forgery vulnerability. Exploitation of this issue may allow a remote attacker to inject PHP code. Recommendations: At the moment, there is no...

CVE-2024-25415

A remote code execution RCE vulnerability in /admin/definelanguage.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php...

WordPress Backup Migration 1.3.7 Remote Code Execution

Vulnerability Summary from Wordfence Intelligence Description: Backup Migration = 1.3.7 backup-backup Unauthenticated Remote Code Execution Affected Plugin: Backup Migration Plugin Slug: backup-backup Affected Versions: = 1.3.7 CVE ID:CVE-2023-6553 Pending CVSS Score: 9.8 Critical CVSS Vector:...

WordPress Backup Migration 1.3.7 Remote Code Execution Vulnerability

Vulnerability Summary from Wordfence Intelligence Description: Backup Migration = 1.3.7 backup-backup Unauthenticated Remote Code Execution Affected Plugin: Backup Migration Plugin Slug: backup-backup Affected Versions: = 1.3.7 CVE ID:CVE-2023-6553 Pending CVSS Score: 9.8 Critical CVSS Vector:...

Critical Unauthenticated Remote Code Execution Found in Backup Migration Plugin

Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! The researcher who reported this vulnerability was awarded $2,751.00! Register as a...

CVE-2023-44381 October CMS safe mode bypass using Page template injection

October is a Content Management System CMS and web platform to assist with development workflow. An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...

CVE-2023-4197

Improper input validation in Dolibarr ERP CRM = v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code...

CVE-2023-4197

Improper input validation in Dolibarr ERP CRM = v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code...