950 matches found
CVE-2018-10132
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter...
CVE-2018-10133
PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php...
CVE-2018-10132
CVE-2018-10132 affects PbootCMS v0.9.8. The vulnerability is described as a cross‑site request forgery (CSRF) in admin.php/Message/mod/id/19.html?backurl=/index.php that can cause PHP code injection in the recontent parameter. Connected sources consistently reference the same description. No conc...
CVE-2018-10132
PbootCMS v0.9.8 has CSRF via an admin.php/Message/mod/id/19.html?backurl=/index.php request, resulting in PHP code injection in the recontent parameter...
osCommerce 2.3.4.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: osCommerce 2.3.4.1 Remote Code Execution Date: 29.0.3.2018 Exploit Author: Simon Scannell - https://scannell-infosec.net Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely to be vulnerable Tested on:...
osCommerce 2.3.4.1 Remote Code Execution
Exploit Title: osCommerce 2.3.4.1 Remote Code Execution Date: 29.0.3.2018 Exploit Author: Simon Scannell - https://scannell-infosec.net Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely to be vulnerable Tested on: Linux, Windows If an Admin has not removed the /install/...
Creditwest Bank CMS Project Cross-Site Request Forgery Vulnerability
The Creditwest Bank CMS Project aka CWCMS is a content management system CMS. A cross-site request forgery vulnerability exists in the Website Configuration Update feature in Creditwest Bank CMS Project 2017-07-28 and prior releases. A remote attacker can exploit this vulnerability to inject...
ZZCMS 'siteurl' parameter PHP code injection vulnerability
ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A security vulnerability exists in ZZCMS version 8.2. The vulnerability can be exploited to inject PHP code by sending 'siteurl' parameter to install/index.php file...
CVE-2018-8972
Creditwest Bank CMS Project (CWCMS) prior to 2017-07-28 contains a cross-site request forgery (CSRF) vulnerability in the Website Configuration Update feature. This CSRF flaw enables an attacker to inject arbitrary PHP code, demonstrated by a PHP shell that calls eval on request parameters. Affec...
CVE-2018-8972
Creditwest Bank CMS Project aka CWCMS through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...
CVE-2018-8966
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...
Code injection
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...
CVE-2018-8966
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...
PT-2018-18745 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: An issue in zzcms allows PHP code injection via the siteurl parameter to the "install/index.php" endpoint, enabling the injection of PHP code, such as a phpinfo call, into "/inc/config.php". Recommendations: For...
CVE-2018-5782
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow...
Security feature bypass
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could...
CVE-2018-5780
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...
CVE-2018-5781
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vendrecording.php page. Successful exploit could...
Security feature bypass
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...
CVE-2018-5780
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmeeting.php page. Successful exploit could...