
7195 matches found

Exploit DB
added 2024/04/08 12:0 a.m., 331 views

Daily Expense Manager 1.0 - 'term' SQLi

Exploit Title: Daily Expense Manager 1.0 - 'term' SQLi Date: February 25th, 2024 Exploit Author: Stefan Hesselman Vendor Homepage: https://code-projects.org/daily-expense-manager-in-php-with-source-code/ Software Link:...

7.4 AI score
Exploits: 0
Packet Storm
added 2024/04/08 12:0 a.m., 604 views

Invision Community 4.7.16 Remote Code Execution

Invision Community = 4.7.16 toolbar.php Remote Code Execution Vulnerability - Software Link: https://invisioncommunity.com - Affected...

7.4 AI score, 0.00511 EPSS
Exploits: 2
Packet Storm
added 2024/04/08 12:0 a.m., 248 views

Daily Expense Manager 1.0 SQL Injection

Exploit Title: Daily Expense Manager 1.0 - 'term' SQLi Date: February 25th, 2024 Exploit Author: Stefan Hesselman Vendor Homepage: https://code-projects.org/daily-expense-manager-in-php-with-source-code/ Software Link:...

7.4 AI score
Exploits: 0
0day.today
added 2024/04/08 12:0 a.m., 257 views

Daily Expense Manager 1.0 - (term) SQL injection Vulnerability

Exploit Title: Daily Expense Manager 1.0 - 'term' SQLi Exploit Author: Stefan Hesselman Vendor Homepage: https://code-projects.org/daily-expense-manager-in-php-with-source-code/ Software Link: https://download-media.code-projects.org/2020/01/DAILYEXPENSEMANAGERINPHPWITHSOURCECODE.zip Version: 1.0...

7.4 AI score
Exploits: 0
WPVulnDB
added 2024/04/04 12:0 a.m., 24 views

MasterStudy LMS < 3.3.4 - Unauthenticated Local File Inclusion via template

Description The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...

9.8 CVSS, 7.9 AI score, 0.54205 EPSS
Exploits: 0, References: 1, Affected Software: 1
0day.today
added 2024/04/01 12:0 a.m., 205 views

FoF Pretty Mail 1.1.2 Command Injection Vulnerability

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Command Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail extension fo...

7.4 AI score
Exploits: 0
WPVulnDB
added 2024/04/01 12:0 a.m., 14 views

ElementsKit Elementor addons < 3.0.7 - Contributor+ Local File Inclusion

Description The plugin is vulnerable to Local File Inclusion via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This c...

8.8 CVSS, 7.6 AI score, 0.01624 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2024/03/30 4:31 a.m., 14 views

CVE-2024-2047 ElementsKit Elementor addons <= 3.0.6 - Authenticated (Contributor+) Local File Inclusion in render_raw

The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.0.6 via the render_raw function. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files o...

8.8 CVSS, 9.1 AI score, 0.01624 EPSS
Exploits: 0, References: 3
CVE
added 2024/03/30 4:31 a.m., 69 views

CVE-2024-2047

The CVE-2024-2047 entry affects ElementsKit Elementor addons and Templates Library (ElementsKit Lite) for WordPress. The root cause is Local File Inclusion via render_raw in all versions up to 3.0.6. This allows an authenticated attacker with contributor+ privileges to include and execute arbitra...

8.8 CVSS, 9.5 AI score, 0.01624 EPSS
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2024/03/29 9:31 a.m., 9 views

CVE-2024-3061 HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.2 - Authenticated (Admin+) Local File Inclusion

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and...

7.2 CVSS, 7.8 AI score, 0.00847 EPSS
Exploits: 0, References: 2
Cvelist
added 2024/03/29 9:31 a.m., 15 views

CVE-2024-3061 HUSKY – Products Filter Professional for WooCommerce <= 1.3.5.2 - Authenticated (Admin+) Local File Inclusion

The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.5.2 via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and...

7.2 CVSS, 7.5 AI score, 0.00847 EPSS
Exploits: 0, References: 2
CVE
added 2024/03/29 9:31 a.m., 67 views

CVE-2024-3061

CVE-2024-3061 affects HUSKY – Products Filter Professional for WooCommerce (WordPress) and describes a Local File Inclusion via the type parameter in all versions up to 1.3.5.2. An authenticated attacker with administrator privileges could include and execute arbitrary PHP files on the se...

7.2 CVSS, 9.5 AI score, 0.00847 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2024/03/29 9:15 a.m., 2 views

CVE-2024-2411

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

9.8 CVSS, 7.8 AI score
Exploits: 0, References: 3
Vulnrichment
added 2024/03/29 8:31 a.m., 13 views

CVE-2024-2411

The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the 'modal' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code i...

9.8 CVSS, 7.9 AI score, 0.03085 EPSS
Exploits: 0, References: 3
WPVulnDB
added 2024/03/29 12:0 a.m., 21 views

HUSKY < 1.3.5.3 - Admin+ Local File Inclusion

Description The plugin is vulnerable to Local File Inclusion via the 'type' parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This c...

7.2 CVSS, 7.7 AI score, 0.00847 EPSS
Exploits: 0, References: 1, Affected Software: 1
Packet Storm
added 2024/03/29 12:0 a.m., 277 views

FoF Pretty Mail 1.1.2 Command Injection

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Command Injection Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty...

7.4 AI score
Exploits: 0
CNNVD
added 2024/03/29 12:0 a.m., 2 views

WordPress Plugin MasterStudy LMS Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

9.8 CVSS, 8.8 AI score, 0.03085 EPSS
Exploits: 0, References: 4
Veracode
added 2024/03/28 7:35 a.m., 21 views

Remote Code Execution (RCE)

johnbillion/wp-crontrol is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of PHP code, which can result in RCE...

8.1 CVSS, 7.5 AI score, 0.00025 EPSS
Exploits: 0, References: 7, Affected Software: 1
Veracode
added 2024/03/27 6:46 a.m., 12 views

Remote Code Execution

friendsofsymfony1/symfony1 is vulnerable to Remote Code Execution. The vulnerability is due to the ability to abuse the destruct methods in Swift Mailer classes, which can be exploited to execute arbitrary PHP code if a developer unserializes untrusted user input...

5 CVSS, 7.9 AI score, 0.05107 EPSS
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2024/03/27 1:56 a.m., 58 views

CVE-2024-2203

CVE-2024-2203: The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 5.4.1 via the Clients widget. Authenticated users with contributor-level access and above can include and execute arbitrary PHP files on the server, enablin...

8.8 CVSS, 7.5 AI score, 0.00354 EPSS
Exploits: 0, References: 2, Affected Software: 1