Command Injection

mustache/mustache is vulnerable to command injection. The vulnerability exists in section function of Compiler.php which allows an attacker to control the value of the sections tag and execute arbitrary php code...

Mageia: Security Advisory (MGASA-2017-0141)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2014-0468)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2018-0118)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GHSA-4RMR-C2JX-VX27 Mustache remote code injection vulnerability

In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strictcallables is true when section value is controllable...

Mustache remote code injection vulnerability

In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strictcallables is true when section value is controllable...

Popup Builder < 4.0.7 - LFI to RCE

The plugin does not validate and sanitise the sgpbtype parameter before using it in a require statement, leading to a Local File Inclusion issue. Furthermore, since the beginning of the string can be controlled, the issue can lead to RCE vulnerability via wrappers such as PHAR Create a zip archiv...

PT-2022-13104 · Mustache +1 · Mustache +1

Name of the Vulnerable Software and Affected Versions: mustache/mustache versions 2.0.0 through 2.14.0 Description: The issue is related to the improper neutralization of special elements used in a template engine. This can lead to arbitrary PHP code execution, even when strict callables is set t...

mustache - Possible Remote Code Execution

huntr.dev reports: In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strictcallables is true when section value is controllable...

Remote Code Execution (RCE)

October CMS is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the input via the theme import function allowing an attacker with access to the backend to execute maliciously crafted PHP code...

Remote Code Execution (RCE)

October CMS is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of PHP code int he template markup allowing an attacker with "create, modify and delete website pages" privileges to inject maliciously crafted PHP code...

Win32.MarsStealer Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The...

Win32.MarsStealer Web Panel Unauthenticated Remote Data Deletion

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaC.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Data Deletion Description: The...

AgentTesla Builder Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/db9629508fda139f71f625d764c7eff7.txt Contact: [email protected] Media: twitter.com/malvuln Threat: AgentTesla Builder Web Panel Vulnerability: Cross Site Scripting XSS Description: AgentTeslaBuilder...

Win32.MarsStealer Web Panel Information Disclosure

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faa.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Information Disclosure Description...

CVE-2021-32649

October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in t...

CVE-2021-32649

October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in t...

CVE-2021-32650

October CMS is a self-hosted content management system CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with access to the backend is able to execute PHP code by using the theme import feature. This will bypass the safe mode feature that prevents P...

CVE-2021-32649

CVE-2021-32649 affects October CMS (Laravel-based). Before versions 1.0.473 and 1.1.6 , an attacker with backend privileges to create, modify and delete website pages can trigger PHP code execution by embedding specially crafted Twig code in the template markup. The issue is remedied in Build 473...

PT-2022-10089 · Unknown · October Cms

Name of the Vulnerable Software and Affected Versions: October CMS versions prior to 1.0.473 and 1.1.6 Description: The issue allows an attacker with "create, modify and delete website pages" privileges in the backend to execute PHP code by running specially crafted Twig code in the template...