Cross site request forgery (csrf)

A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...

CVE-2022-32409

A local file inclusion LFI vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request...

CVE-2020-19896

File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php...

Arbitrary file deletion

File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php...

CVE-2020-19896

CVE-2020-19896 affects Minicms v1.9 and is a file inclusion vulnerability that lets remote attackers execute arbitrary PHP code via the file post-edit.php. The NVD metrics indicate a CVSSv3.1 base score of 9.8 (CRITICAL) with network access, low attack complexity, no user interaction, and impacts...

CVE-2020-19896

File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php...

MiniCMS 安全漏洞

MiniCMS is to simple personal website content management system. A security vulnerability exists in MiniCMS v1.9. An attacker exploited the vulnerability to execute arbitrary PHP code via late editing...

CVE-2021-41421

A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel...

CVE-2021-41421

A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel...

CVE-2021-41421

A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel...

CVE-2021-41402

flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code...

CVE-2021-41402

flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code...

Remote code execution

flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code...

CVE-2021-41402

flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code...

CVE-2022-0863

The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution...

Remote code execution

The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution...

PT-2022-6164 · Advantech · R-Seenet

Name of the Vulnerable Software and Affected Versions: Advantech R-SeeNet versions 2.4.19 and prior Description: The issue is due to incorrect restriction of the directory path name with limited access. An unauthorized attacker could remotely exploit vulnerable PHP code to delete arbitrary files,...

CVE-2022-29725

The CVE-2022-29725 entry concerns Creatiwity wityCMS 0.6.2, where an arbitrary file upload in the image upload component enables code execution via a crafted PHP file. Documents indicate this is exploitable over the network with low complexity and no user interaction, potentially causing high-imp...

PHP Code Injection by malicious block or filename in Smarty

Impact Template authors could inject php code by choosing a malicous block name or include file name. Sites that cannot fully trust template authors should update asap. Patches Please upgrade to the most recent version of Smarty v3 or v4. Workarounds Is there a way for users to fix or remediate t...

Magento arbitrary PHP code execution via the productData parameter

The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition CE before 1.9.2.1 and Enterprise Edition EE before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData...