7195 matches found

NVD
added 2024/06/19 9:15 p.m. · 16 views

CVE-2024-36679

In the module "Module Live Chat Pro All in One Messaging" livechatpro <= 8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations suffers from a white writer that can inject PHP code into a PHP file...

10 CVSS · 0.00097 EPSS
Exploits: 0 · References: 1
Veracode
added 2024/06/19 12:0 p.m. · 40 views

OS Command Injection

php81 is vulnerable to OS Command Injection. The vulnerability is due to misinterpretation of characters in the command line by the PHP CGI module when using certain code pages on Windows. This may allow a malicious user to pass options to the PHP binary, potentially revealing source code, runnin...

9.8 CVSS · 9.6 AI score · 0.94374 EPSS
Exploits: 64 · References: 23 · Affected Software: 3
CVE
added 2024/06/19 5:37 a.m. · 43 views

CVE-2024-5574

CVE-2024-5574 affects WP Magazine Modules Lite for WordPress (all versions up to 1.1.2). The vulnerability is Local File Inclusion via the blockLayout parameter, enabling authenticated users with Contributor-level access or higher to include and execute arbitrary PHP files on the server, potentia...

7.5 CVSS · 8 AI score · 0.00255 EPSS
Exploits: 0 · References: 3
Cvelist
added 2024/06/19 12:0 a.m. · 15 views

CVE-2024-36679

In the module "Module Live Chat Pro All in One Messaging" livechatpro <= 8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations suffers from a white writer that can inject PHP code into a PHP file...

0.00097 EPSS
Exploits: 0 · References: 1
CVE
added 2024/06/19 12:0 a.m. · 46 views

CVE-2024-36679

CVE-2024-36679 affects Module Live Chat Pro (All in One Messaging) for PrestaShop, versions

10 CVSS · 7.6 AI score · 0.00097 EPSS
Exploits: 0 · References: 1
CNNVD
added 2024/06/19 12:0 a.m. · 2 views

PrestaShop livechatpro Security Breach

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution offers multiple payment methods, short message alerts, and product image zoom. A security vulnerability exists in PrestaShop livechatpro version 8.4.0 and earlier, which stems from the presence of...

10 CVSS · 7.2 AI score · 0.00097 EPSS
Exploits: 0 · References: 2
Vulnrichment
added 2024/06/19 12:0 a.m. · 11 views

CVE-2024-36679

In the module "Module Live Chat Pro All in One Messaging" livechatpro <= 8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations suffers from a white writer that can inject PHP code into a PHP file...

7.5 AI score · 0.00097 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/06/15 8:42 a.m. · 21 views

CVE-2024-4258 Video Gallery – YouTube Playlist, Channel Gallery by YotuWP <= 1.3.13 - Unauthenticated Local File Inclusion

The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

9.8 CVSS · 8.2 AI score · 0.01324 EPSS
Exploits: 0 · References: 3
OSV
added 2024/06/15 2:15 a.m. · 1 view

CVE-2024-3813

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and...

8.8 CVSS · 6.3 AI score
Exploits: 0 · References: 2
Vulnrichment
added 2024/06/15 2:1 a.m. · 15 views

CVE-2024-3813 tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and...

8.8 CVSS · 7.7 AI score · 0.00667 EPSS
Exploits: 0 · References: 2
Cvelist
added 2024/06/15 2:1 a.m. · 18 views

CVE-2024-3813 tagDiv Composer <= 4.8 - Authenticated (Contributor+) Local File Inclusion via Shortcode

The tagDiv Composer plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8 via the 'td_block_title' shortcode 'block_template_id' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and...

8.8 CVSS · 0.00667 EPSS
Exploits: 0 · References: 2
CVE
added 2024/06/15 2:1 a.m. · 51 views

CVE-2024-3813

The CVE-2024-3813 entry affects the WordPress plugin tagDiv Composer (versions up to 4.8). The vulnerability is Local File Inclusion via the td_block_title shortcode’s block_template_id attribute, enabling authenticated attackers with contributor-level permissions to include and execute arbitrary...

8.8 CVSS · 8.9 AI score · 0.00667 EPSS
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/06/15 12:0 a.m. · 3 views

PT-2024-31670 · Yotuwp · The Video Gallery – Youtube Playlist

Name of the Vulnerable Software and Affected Versions: The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress versions up to, and including, 1.3.13 Description: The issue allows authenticated attackers with contributor access or higher to include and execute arbitrar...

8.8 CVSS · 7.9 AI score · 0.00475 EPSS
Exploits: 1 · References: 6
Cvelist
added 2024/06/14 7:31 a.m. · 25 views

CVE-2024-5577 Where I Was, Where I Will Be <= 1.1.1 - Unauthenticated Remote File Inclusion

The Where I Was, Where I Will Be plugin for WordPress is vulnerable to Remote File Inclusion in version <= 1.1.1 via the WIWHEADER parameter of the /system/include/includeuser.php file. This makes it possible for unauthenticated attackers to include and execute arbitrary files hosted on external...

9.8 CVSS · 0.01787 EPSS
Exploits: 0 · References: 2
Metasploit
added 2024/06/13 7:55 p.m. · 551 views

Cacti Import Packages RCE

This exploit module leverages an arbitrary file write vulnerability CVE-2024-25641 in Cacti versions prior to 1.2.27 to achieve RCE. It abuses the Import Packages feature to upload a specially crafted package that embeds a PHP file. Cacti will extract this file to an accessible location. The modu...

9.1 CVSS · 8.2 AI score · 0.8819 EPSS
Exploits: 17
NVD
added 2024/06/12 2:15 p.m. · 20 views

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows an attacker to upload any file to the server, including a PHP code file, without authentication. This issue affects MegaBIP software versions through 5.10...

9.8 CVSS · 0.00209 EPSS
Exploits: 0 · References: 4
NVD
added 2024/06/12 2:15 p.m. · 26 views

CVE-2024-1577

Remote Code Execution vulnerability in MegaBIP software allows execution of arbitrary code on the server without requiring authentication, by saving attacker-crafted PHP code to one of the website files. This issue affects MegaBIP software versions through 5.11.2...

9.8 CVSS · 0.02294 EPSS
Exploits: 0 · References: 4
OSV
added 2024/06/12 2:15 p.m. · 1 view

CVE-2024-1659

Arbitrary File Upload vulnerability in MegaBIP software allows an attacker to upload any file to the server, including a PHP code file, without authentication. This issue affects MegaBIP software versions through 5.10...

9.8 CVSS · 5.8 AI score · 0.00135 EPSS
Exploits: 0 · References: 4
CVE
added 2024/06/12 1:48 p.m. · 67 views

CVE-2024-1659

CVE-2024-1659 describes an Arbitrary File Upload vulnerability in MegaBIP software, affecting versions up to 5.10. The issue allows an unauthenticated attacker to upload arbitrary files to the server, including PHP code, enabling potential in-server code execution or defacement as implied by the ...

9.8 CVSS · 9.6 AI score · 0.00209 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Cvelist
added 2024/06/12 1:48 p.m. · 15 views

CVE-2024-1659 Arbitrary File Upload in MegaBIP

Arbitrary File Upload vulnerability in MegaBIP software allows an attacker to upload any file to the server, including a PHP code file, without authentication. This issue affects MegaBIP software versions through 5.10...

9.3 CVSS · 0.00209 EPSS
Exploits: 0 · References: 4