
7195 matches found

Cvelist, added 2023/12/01 9:48 p.m.

CVE-2023-44381 October CMS safe mode bypass using Page template injection

October is a Content Management System (CMS) and web platform to assist with development workflow. An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to...

CVSS 4.9 | AI score 5.4 | EPSS 0.00175
Exploits: 0 | References: 1

NVD, added 2023/11/30 2:15 p.m.

CVE-2023-5966

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution...

CVSS 7.2 | EPSS 0.00443
Exploits: 0 | References: 1

Prion, added 2023/11/30 2:15 p.m.

Code injection

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution...

CVSS 5.8 | AI score 7.5 | EPSS 0.00466
Exploits: 0 | References: 1 | Affected software: 1

Vulnrichment, added 2023/11/30 1:26 p.m.

CVE-2023-5966 Unrestricted Upload of File with Dangerous Type in EspoCRM

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the extension deployment form, which could lead to arbitrary PHP code execution...

CVSS 4.7 | AI score 9.2 | EPSS 0.00443
Exploits: 0 | References: 1

CVE, added 2023/11/30 1:26 p.m.

CVE-2023-5966

CVE-2023-5966 affects EspoCRM 7.2.5, where an authenticated privileged attacker can upload a crafted ZIP through the extension deployment form, leading to arbitrary PHP code execution. Connected records confirm the vector (extension deployment form), impact (remote code execution), and affected v...

CVSS 7.2 | AI score 8.2 | EPSS 0.00443
Exploits: 0 | References: 1 | Affected software: 1

Cvelist, added 2023/11/30 1:26 p.m.

CVE-2023-5965 Unrestricted Upload of File with Dangerous Type in EspoCRM

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution...

CVSS 4.7 | AI score 9.3 | EPSS 0.00466
Exploits: 0 | References: 1

Vulnrichment, added 2023/11/30 1:26 p.m.

CVE-2023-5965 Unrestricted Upload of File with Dangerous Type in EspoCRM

An authenticated privileged attacker could upload a specially crafted zip to the EspoCRM server in version 7.2.5, via the update form, which could lead to arbitrary PHP code execution...

CVSS 4.7 | AI score 7.2 | EPSS 0.00466
Exploits: 0 | References: 1

Veracode, added 2023/11/30 6:51 a.m.

Template Injection

October CMS is vulnerable to Template Injection. The vulnerability is caused by a crafted request which includes PHP code in the CMS template, where an authenticated backend user possessing the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions can execute arbitrary PHP code even when the...

CVSS 4.9 | AI score 7.6 | EPSS 0.00175
Exploits: 0 | References: 2 | Affected software: 1

Veracode, added 2023/11/30 6:32 a.m.

Server Side Template Injection

October CMS is vulnerable to Server Side Template Injection. The vulnerability is due to improper sandboxing of Twig code, where an authenticated backend user possessing the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions can execute PHP code even when cms.safemode being...

CVSS 9.1 | AI score 7.5 | EPSS 0.00246
Exploits: 0 | References: 2 | Affected software: 1

CNNVD, added 2023/11/30 12:00 a.m.

EspoCRM code issue vulnerability

EspoCRM is an open source web-based customer relationship management (CRM) system. The system provides features such as sales automation, community and customer support. A code issue vulnerability exists in EspoCRM version 7.2.5 that stems from the presence of arbitrary PHP code execution...

CVSS 9.1 | AI score 7.6 | EPSS 0.00466
Exploits: 0 | References: 1
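The EspoCRM entries above (CVE-2023-5965 and CVE-2023-5966) share one shape: a privileged user uploads a ZIP through an update or extension form and the server unpacks it somewhere PHP will execute its contents. The following is an added example, not EspoCRM's code, of two checks a package importer would want before extraction: an inspection pass that rejects path traversal, symlink entries and file types outside an allowlist, and a detached Ed25519 signature check for packages that legitimately carry PHP and therefore have to be authenticated rather than filtered. The function names, the allowlist, the constructed archive and the use of the sodium extension are assumptions for the example; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Inspect every entry before anything is written to disk. Returns a list of
// problems; an empty list means the archive may be handed to extractTo().
function inspectArchive(string $zipPath, array $allowedExtensions): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath, ZipArchive::RDONLY) !== true) {
        return ['cannot open archive'];
    }
    $problems = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        $parts = explode('/', str_replace('\\', '/', $name));
        // Zip slip: absolute paths, drive letters and ".." segments escape the target directory.
        if ($name === '' || $name[0] === '/' || preg_match('/^[A-Za-z]:/', $name) === 1
            || in_array('..', $parts, true)) {
            $problems[] = "unsafe path: $name";
            continue;
        }
        // Symlink entries (Unix external attributes, S_IFLNK) can redirect later writes.
        if ($zip->getExternalAttributesIndex($i, $opsys, $attr)
            && $opsys === ZipArchive::OPSYS_UNIX && (($attr >> 16) & 0170000) === 0120000) {
            $problems[] = "symlink entry: $name";
            continue;
        }
        if (str_ends_with($name, '/')) {
            continue; // directory entry
        }
        $base = basename($name);
        // Dotfiles (.htaccess, .user.ini) change server behaviour; every extension
        // segment is checked so "shell.php.png" does not pass as an image.
        $segments = array_map('strtolower', array_slice(explode('.', $base), 1));
        if ($base[0] === '.' || $segments === [] || array_diff($segments, $allowedExtensions) !== []) {
            $problems[] = "disallowed file type: $name";
        }
    }
    $zip->close();
    return $problems;
}

// Where packages legitimately contain PHP, content filtering cannot help: the
// archive must be authenticated. Detached Ed25519 signature over the raw archive
// bytes (sodium extension assumed), verified before the archive is even opened.
function verifySignedPackage(string $zipPath, string $sigPath, string $publisherPublicKey): bool
{
    $archive = file_get_contents($zipPath);
    $sig = file_get_contents($sigPath);
    return $archive !== false && $sig !== false
        && strlen($sig) === SODIUM_CRYPTO_SIGN_BYTES
        && sodium_crypto_sign_verify_detached($sig, $archive, $publisherPublicKey);
}

// Constructed fixture: a package with a manifest, a PHP backdoor and a zip-slip entry.
$dir = sys_get_temp_dir() . '/pkg-demo-' . getmypid();
mkdir($dir, 0700, true);
$zipPath = $dir . '/extension.zip';
$zip = new ZipArchive();
$zip->open($zipPath, ZipArchive::CREATE | ZipArchive::OVERWRITE);
$zip->addFromString('manifest.json', '{"name":"demo"}');
$zip->addFromString('files/shell.php', '<?php system($_GET["c"]);');
$zip->addFromString('../../evil.txt', 'zip slip');
$zip->close();

print_r(inspectArchive($zipPath, ['json', 'js', 'css', 'png']));
// Array ( [0] => disallowed file type: files/shell.php [1] => unsafe path: ../../evil.txt )

// Signed-package path: the publisher signs, the importer verifies against a pinned public key.
$keypair = sodium_crypto_sign_keypair();
$sigPath = $zipPath . '.sig';
file_put_contents($sigPath, sodium_crypto_sign_detached(file_get_contents($zipPath), sodium_crypto_sign_secretkey($keypair)));
var_dump(verifySignedPackage($zipPath, $sigPath, sodium_crypto_sign_publickey($keypair))); // bool(true)
file_put_contents($zipPath, 'x', FILE_APPEND);                                             // tampered archive
var_dump(verifySignedPackage($zipPath, $sigPath, sodium_crypto_sign_publickey($keypair))); // bool(false)

unlink($sigPath); unlink($zipPath); rmdir($dir);
```

The inspection pass is the cheap check and catches the generic upload-to-webroot case; the signature check is what actually closes the hole when the package format has to contain executable code, because then the only question left is whether the publisher key is trusted and how it is pinned.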
Github Security Blog, added 2023/11/29 9:33 p.m.

October CMS safe mode bypass using Twig sandbox escape

Impact: An authenticated backend user with the editor.cmspages, editor.cmslayouts, or editor.cmspartials permissions who would normally not be permitted to provide PHP code to be executed by the CMS due to cms.safemode being enabled can write specific Twig code to escape the Twig sandbox and execu...

CVSS 9.1 | AI score 7.6 | EPSS 0.00246
Exploits: 0 | References: 3 | Affected software: 1

WPVulnDB, added 2023/11/23 12:00 a.m.

Phlox Shop <= 2.0.0 - Unauthenticated Local File Inclusion

Description: The Phlox Shop plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.0. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This...

AI score 8.2 | EPSS 0.0063
Exploits: 0 | References: 1
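The Phlox Shop entry above is the classic local file inclusion shape: a request parameter becomes part of an include() path, so "../" walks out of the intended directory and any file the attacker can place on disk (an upload, a log) is executed as PHP. As an added example, not the plugin's code, here is the vulnerable pattern next to two hardened forms, a fixed key-to-file map and a realpath() containment check, run against a constructed temporary template directory. All names and the fixture are illustrative; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Constructed fixture so the script runs offline: a template directory with two
// legitimate templates and a sibling file that must never be includable.
$root = sys_get_temp_dir() . '/lfi-demo-' . getmypid();
mkdir($root . '/templates', 0700, true);
file_put_contents($root . '/templates/cart.php', '<?php echo "cart template\n";');
file_put_contents($root . '/templates/checkout.php', '<?php echo "checkout template\n";');
file_put_contents($root . '/secret.php', '<?php echo "outside the template directory\n";');

// Vulnerable: the request chooses the file. "../secret.php" walks out of the
// directory, and anything the attacker managed to write to disk is executed.
function renderVulnerable(string $dir, string $name): void
{
    include $dir . '/' . $name;
}

// Hardened, preferred form: an opaque key selects from a fixed map, so request
// data never becomes part of a path at all.
const TEMPLATES = ['cart' => 'cart.php', 'checkout' => 'checkout.php'];

function resolveTemplate(string $dir, string $key): ?string
{
    if (!isset(TEMPLATES[$key])) {
        return null;
    }
    return $dir . '/' . TEMPLATES[$key];
}

// Hardened, general form for when the name really must be a file name: confine
// the canonical path to the base directory. realpath() collapses "..", symlinks
// and "./" tricks, so the prefix comparison runs on the resolved result.
function confinePath(string $base, string $name): ?string
{
    $baseReal = realpath($base);
    $target = realpath($base . '/' . $name);
    if ($baseReal === false || $target === false) {
        return null;
    }
    if (!str_starts_with($target, $baseReal . DIRECTORY_SEPARATOR)) {
        return null;
    }
    // Only template files are includable, never data files that happen to live here.
    if (pathinfo($target, PATHINFO_EXTENSION) !== 'php') {
        return null;
    }
    return $target;
}

$dir = $root . '/templates';
renderVulnerable($dir, '../secret.php');                                   // executes secret.php
var_dump(resolveTemplate($dir, '../secret.php'));                          // NULL: not a known key
var_dump(confinePath($dir, '../secret.php'));                              // NULL: resolves outside $dir
var_dump(confinePath($dir, 'cart.php') === realpath($dir . '/cart.php'));  // bool(true)

// Remove the fixture.
array_map('unlink', glob($root . '/templates/*') ?: []);
unlink($root . '/secret.php');
rmdir($root . '/templates');
rmdir($root);
```

The map is the right answer whenever the set of includable files is known in advance; confinePath() is for the rarer case where file names are data, and it is only safe because the comparison happens after realpath() has resolved the path, not on the string the request supplied.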
NVD, added 2023/11/06 6:15 a.m.

CVE-2023-47253

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter...

CVSS 9.8 | AI score 9.8 | EPSS 0.93893
Exploits: 4 | References: 5

Prion, added 2023/11/06 6:15 a.m.

Code injection

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter...

CVSS 7.5 | AI score 8.3 | EPSS 0.93893
Exploits: 4 | References: 4 | Affected software: 1

Vulnrichment, added 2023/11/06 12:00 a.m.

CVE-2023-47253

Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter...

AI score 8.1 | EPSS 0.93893
Exploits: 4 | References: 5

Prion, added 2023/11/03 5:15 a.m.

Code injection

An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the...

CVSS 7.5 | AI score 9.5 | EPSS 0.00768
Exploits: 3 | References: 5 | Affected software: 1

Vulnrichment, added 2023/11/03 12:00 a.m.

CVE-2023-46817

An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the...

AI score 9.6 | EPSS 0.00768
Exploits: 3 | References: 5
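The two phpFox entries above describe unserialize() on a request parameter, which is PHP object injection: the attacker chooses the class and its property values, and any magic method of that class (__destruct, __wakeup, __toString) runs inside the application with the attacker's data. The following is an added example, not phpFox's code, with an illustrative gadget class, the vulnerable redirect handler, a hardened handler that treats the parameter as a plain site-relative path, and, for the case where serialized state genuinely must round-trip through the client, an HMAC-authenticated unserialize that also refuses to instantiate classes. The class, function and parameter names are assumptions, the payload is constructed by hand, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Illustrative gadget class (assumption): PHP runs __destruct on an injected
// object automatically, so the attacker gets its side effect without calling
// anything. In real code this is often a file write; here it only prints.
final class LogWriter
{
    public function __construct(public string $path = '/tmp/app.log', public string $data = '')
    {
    }

    public function __destruct()
    {
        echo 'LogWriter::__destruct fired: would write ', strlen($this->data),
            " bytes to {$this->path}\n";
    }
}

// Vulnerable pattern: the redirect target arrives as a serialized PHP value.
function redirectTargetVulnerable(string $urlParam): string
{
    $decoded = unserialize(base64_decode($urlParam));
    return is_string($decoded) ? $decoded : '/';
}

// Hardened pattern: the parameter is a plain string and only a site-relative
// path is accepted. Nothing from the request is ever deserialized.
function redirectTargetHardened(string $urlParam): string
{
    if ($urlParam === '' || strlen($urlParam) > 2048 || $urlParam[0] !== '/') {
        return '/';
    }
    // "//host" is protocol-relative, browsers turn "\" into "/", and control
    // characters would corrupt the Location header.
    if (str_starts_with($urlParam, '//') || str_contains($urlParam, '\\')
        || preg_match('/[\x00-\x1f\x7f]/', $urlParam) === 1) {
        return '/';
    }
    return $urlParam;
}

// If serialized state must round-trip through the client: authenticate the blob
// with an HMAC so it cannot be forged, and refuse to instantiate classes
// (allowed_classes => false yields __PHP_Incomplete_Class, whose magic methods never run).
function signSerialized(mixed $value, string $key): string
{
    $payload = base64_encode(serialize($value));
    return hash_hmac('sha256', $payload, $key) . '.' . $payload;
}

function unserializeSigned(string $blob, string $key): mixed
{
    [$mac, $payload] = array_pad(explode('.', $blob, 2), 2, '');
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $mac)) {
        return null;
    }
    return unserialize(base64_decode($payload), ['allowed_classes' => false]);
}

// Constructed attacker payload, written by hand so no gadget instance exists
// before the vulnerable call: a LogWriter aimed at a path of the attacker's choosing.
$payload = base64_encode(
    'O:9:"LogWriter":2:{s:4:"path";s:17:"/tmp/injected.txt";s:4:"data";s:5:"owned";}'
);

echo redirectTargetVulnerable($payload), "\n";     // __destruct fires on the injected object, then "/"
echo redirectTargetHardened($payload), "\n";       // "/": a base64 blob is not a site-relative path
echo redirectTargetHardened('/cart?step=2'), "\n"; // "/cart?step=2"
var_dump(unserializeSigned('forged.' . $payload, 'k'));                     // NULL: MAC mismatch
var_dump(unserializeSigned(signSerialized(['next' => '/cart'], 'k'), 'k'));  // array with key "next"
```

Note that the vulnerable handler returns "/" for the injected object and would look harmless in a log; the damage is done by the destructor before the function even returns, which is why "we validate the result after unserialize" is not a fix. The allowed_classes option alone stops gadget instantiation but not forgery of scalar state, hence the HMAC.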
Veracode, added 2023/11/02 7:56 a.m.

Remote Code Execution (RCE)

dolibarr/dolibarr is vulnerable to Remote Code Execution. This vulnerability exists in the dolKeepOnlyPhpCode function in website.lib.php due to improper validation of user input, allowing an attacker to inject and execute arbitrary PHP code in the system...

CVSS 8.8 | AI score 8.1 | EPSS 0.53316
Exploits: 0 | References: 3 | Affected software: 1

NVD, added 2023/11/01 10:15 a.m.

CVE-2023-1717

Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/leftvertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege...

CVSS 9.6 | AI score 9.6 | EPSS 0.01789
Exploits: 1 | References: 1

NVD, added 2023/11/01 10:15 a.m.

CVE-2023-1720

Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through...

CVSS 9.6 | AI score 9.3 | EPSS 0.01018
Exploits: 1 | References: 1
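The last Bitrix24 entry turns on a missing Content-Type: an uploaded HTML file served without one is sniffed by the browser and rendered in the application's own origin, which is the stored XSS that the entry then chains into administrator actions. As an added example, not Bitrix24's code, here is the header set a download endpoint should emit, with the type decided from the stored file's content rather than the uploaded name, beside the vulnerable form. The fixture, the inline-type allowlist and the function names are illustrative; PHP 8 with the fileinfo extension is assumed.

```php
<?php
declare(strict_types=1);

// Constructed fixture: an "uploaded" file whose name claims to be an image
// but whose content is HTML carrying script.
$dir = sys_get_temp_dir() . '/mime-demo-' . getmypid();
mkdir($dir, 0700, true);
$stored = $dir . '/upload-1';
file_put_contents($stored, "<html><script>alert(document.cookie)</script></html>");

// Vulnerable: the body is streamed with no Content-Type, so the browser sniffs
// it, recognises HTML and renders it in the application's origin.
function downloadHeadersVulnerable(string $originalName): array
{
    return ['Content-Disposition: inline; filename="' . $originalName . '"'];
}

// Hardened: the type comes from the content on the server; only a short
// allowlist is ever served inline (no text/html, no image/svg+xml, which can
// carry script); everything else is forced to download as an opaque blob, and
// nosniff stops the browser from second-guessing the declared type.
const INLINE_TYPES = ['image/png', 'image/jpeg', 'image/gif', 'application/pdf'];

function downloadHeadersHardened(string $storedPath, string $originalName): array
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $type = $finfo->file($storedPath) ?: 'application/octet-stream';
    $inline = in_array($type, INLINE_TYPES, true);
    if (!$inline) {
        $type = 'application/octet-stream';
    }
    // Keep the filename parameter free of quotes, separators and control characters.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $originalName);
    return [
        'Content-Type: ' . $type,
        'X-Content-Type-Options: nosniff',
        'Content-Disposition: ' . ($inline ? 'inline' : 'attachment') . '; filename="' . $safeName . '"',
        // Belt and braces: even if something is rendered, it runs with no script and no origin.
        "Content-Security-Policy: default-src 'none'; sandbox",
    ];
}

print_r(downloadHeadersVulnerable('avatar.png'));
// Array ( [0] => Content-Disposition: inline; filename="avatar.png" )
print_r(downloadHeadersHardened($stored, 'avatar.png'));
// Content-Type: application/octet-stream, nosniff, attachment: the HTML is never rendered

unlink($stored);
rmdir($dir);
```

The headers are returned as an array rather than sent with header() so the decision is visible when run from the command line; in a request handler each string would be passed to header() before the file body is streamed. Serving user uploads from a separate origin is the stronger fix and makes these headers a second layer rather than the only one.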