7195 matches found
CVE-2020-21516
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code...
CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...
Scripts Organizer < 3.0 - Unauthenticated Arbitrary File Upload
The plugin does not have capability and CSRF checks in the saveScript AJAX action, available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file PoC POST /wp-admin/admin-ajax.php...
CVE-2022-35239
The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...
CVE-2022-35239
The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...
Design/Logic Flaw
The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...
CVE-2022-35239
The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated...
PT-2022-22647 · Unknown · Solarview Compact Sv-Cpt-Mc310
Name of the Vulnerable Software and Affected Versions: SolarView Compact SV-CPT-MC310 versions 7.23 and earlier SolarView Compact SV-CPT-MC310F versions 7.23 and earlier Description: The image file management page contains an insufficient verification issue when uploading files. This can be...
CVE-2022-36262
An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php...
Code injection
An issue was discovered in taocms 3.0.2. in the website settings that allows arbitrary php code to be injected by modifying config.php...
GHSA-6955-67HM-VJJQ Drupal core arbitrary PHP code execution
Drupal core sanitizes filenames with dangerous extensions upon upload and strips leading and trailing dots from filenames to prevent uploading server configuration files. However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site we...
Drupal core arbitrary PHP code execution
Drupal core sanitizes filenames with dangerous extensions upon upload and strips leading and trailing dots from filenames to prevent uploading server configuration files. However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site we...
Transposh WordPress Translation 1.0.8.1 Remote Code Execution
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Reliance on File Name or Extension of Externally-Supplied File...
Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants
Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. The trio of breaches has led to the theft of more than 50,000 payment card records from these infected...
Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
Updated 2022-07-20 19:45 UTC to indicate that this only affects Apache web servers. Drupal core sanitizes filenames with dangerous extensions upon upload reference: SA-CORE-2020-012 and strips leading and trailing dots from filenames to prevent uploading server configuration files reference:...
Remote Code Execution (RCE)
winter/storm is vulnerable to Remote Code Execution. An authenticated attacker with permission to create or modify theme templates with the cms editor can disable the cms.enableSafeMode feature, allowing for the modification of the backend php code through the web interface...
Bypass of CMS Safe Mode Security Feature
Impact Authenticated users with permissions to create or modify theme template objects through the backend "CMS" editor can exploit this vulnerability to bypass the cms.enableSafeMode security feature if enabled disables modification of PHP code through the web interface when enabled. This is onl...
GHSA-Q37H-JHF3-85CJ Bypass of CMS Safe Mode Security Feature
Impact Authenticated users with permissions to create or modify theme template objects through the backend "CMS" editor can exploit this vulnerability to bypass the cms.enableSafeMode security feature if enabled disables modification of PHP code through the web interface when enabled. This is onl...
CVE-2022-32409
A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...
CVE-2022-32409
A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...