7195 matches found

RedhatCVE
added 2025/05/21 7:52 p.m. · 3 views

CVE-2009-3822

PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat (com_ajaxchat) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[mosConfig_absolute_path] parameter to tests/ajcuser.php...

CVSS 7.5 · AI score 8 · EPSS 0.01775
Exploits 1 · References 1

RedhatCVE
added 2025/05/21 7:27 p.m. · 3 views

CVE-2007-2679

PHP file inclusion vulnerability in index.php in Ivan Peevski gallery 0.3 in Simple PHP Scripts (sphp) allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the gallery parameter, which is accessed by the file_exists function. NOTE: the provenance...

CVSS 6.8 · AI score 7.5 · EPSS 0.00797
Exploits 0 · References 1

NVD
added 2025/05/21 7:16 p.m. · 11 views

CVE-2025-45752

A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager...

CVSS 7.2 · EPSS 0.00742
Exploits 1 · References 1

NVD
added 2025/05/21 7:16 a.m. · 10 views

CVE-2025-4524

The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

CVSS 9.8 · EPSS 0.15429
Exploits 4 · References 3

Cvelist
added 2025/05/21 12:0 a.m. · 7 views

CVE-2025-45752

A vulnerability in SeedDMS 6.0.32 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager...

EPSS 0.00742
Exploits 1 · References 1

Positive Technologies
added 2025/05/21 12:0 a.m. · 3 views

PT-2025-22435

Name of the Vulnerable Software and Affected Versions: Vtiger CRM Open Source Edition version 8.3.0 Description: A vulnerability in the software allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature...

CVSS 7.2 · AI score 7.1 · EPSS 0.00396
Exploits 0 · References 6

Positive Technologies
added 2025/05/21 12:0 a.m. · 4 views

PT-2025-22419

Name of the Vulnerable Software and Affected Versions: SeedDMS version 6.0.32 Description: A vulnerability in SeedDMS allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the zip import functionality in the Extension Manager. Recommendations: For SeedDMS version 6.0.3...

CVSS 7.2 · AI score 7.3 · EPSS 0.00742
Exploits 1 · References 5

Vulnrichment
added 2025/05/21 12:0 a.m. · 7 views

CVE-2025-45753

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature...

AI score 7.3 · EPSS 0.00396
Exploits 0 · References 1

CVE
added 2025/05/21 12:0 a.m. · 56 views

CVE-2025-45753

Vulnerability CVE-2025-45753 affects Vtiger CRM Open Source Edition v8.3.0. An attacker with admin privileges can execute arbitrary PHP code by abusing the ZIP import functionality in the Module Import feature. The entry indicates high impact (C/H/I/A) with a CVSSv3.1 base score of 7.2. Connected...

CVSS 7.2 · AI score 7.4 · EPSS 0.00396
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/05/21 12:0 a.m. · 9 views

CVE-2025-45753

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature...

EPSS 0.00396
Exploits 0 · References 1

CVE
added 2025/05/21 12:0 a.m. · 51 views

CVE-2025-45752

CVE-2025-45752 affects SeedDMS 6.0.32. Affected component: Extension Manager zip import functionality. Root cause: exploitation of the zip import feature allows an attacker with admin privileges to execute arbitrary PHP code. Impact is described as arbitrary code execution with admin access. Expl...

CVSS 7.2 · AI score 7.7 · EPSS 0.00742
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2025/05/16 12:0 a.m. · 26 views

CVE-2025-47916

Invision Community 5.0.0 before 5.0.7 allows remote code execution via crafted template strings to themeeditor.php. The issue lies within the themeeditor controller file: /applications/core/modules/front/system/themeeditor.php, where a protected method named customCss can be invoked by...

CVSS 10 · AI score 10 · EPSS 0.90728
Exploits 6 · References 2

Veracode
added 2025/05/14 9:57 a.m. · 11 views

Arbitrary Command Injection

Craft CMS is vulnerable to Arbitrary Command Injection. The vulnerability is due to unauthenticated user-supplied data being stored in session files without validation, potentially allowing PHP code injection into a predictable server file path...

CVSS 6.9 · AI score 7.2 · EPSS 0.33065
Exploits 0 · References 9 · Affected Software 1

Positive Technologies
added 2025/05/14 12:0 a.m. · 2 views

PT-2025-21165 · Invision · Invision Community

Name of the Vulnerable Software and Affected Versions: Invision Community versions 5.0.0 through 5.0.7 Description: The issue lies within the themeeditor controller, where a protected method named customCss can be invoked by unauthenticated users. This method passes the value of the content...

CVSS 10 · AI score 9.6 · EPSS 0.90728
Exploits 6 · References 14

RedhatCVE
added 2025/05/12 10:24 a.m. · 17 views

CVE-2025-2158

The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.3.5 via the Post custom fields. This makes it possible for authenticated attackers, with Contributor-level access and...

CVSS 8.8 · AI score 7.7 · EPSS 0.00523
Exploits 0 · References 1

RedhatCVE
added 2025/05/09 11:21 p.m. · 16 views

CVE-2025-35939

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

CVSS 6.9 · AI score 7.6 · EPSS 0.33065
Exploits 0 · References 5

OSV
added 2025/05/07 11:15 p.m. · 2 views

CVE-2025-35939

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

CVSS 5.3 · AI score 7.5 · EPSS 0.33065
Exploits 0 · References 6

Cvelist
added 2025/05/07 10:41 p.m. · 19 views

CVE-2025-35939 Craft CMS stores user-provided content in session files

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

CVSS 6.9 · EPSS 0.33065
Exploits 0 · References 5

ATTACKERKB
added 2025/05/07 12:0 a.m. · 54 views

CVE-2025-35939

Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. Craft CMS redirects requests that require authentication to the login page and generates a session file on the server at...

CVSS 6.9 · AI score 7.7 · EPSS 0.33065
In wild · Exploits 0 · References 6

Positive Technologies
added 2025/05/07 12:0 a.m. · 3 views

PT-2025-20135 · Unknown · Fullworks Display Eventbrite Events

Name of the Vulnerable Software and Affected Versions: fullworks Display Eventbrite Events affected versions not specified Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion' vulnerability. Th...

CVSS 7.5 · AI score 7.8 · EPSS 0.00423
Exploits 0 · References 3