7206 matches found
CVE-2019-17309
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the EmailMan module by an Admin user...
CVE-2019-17310
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the Campaigns module by an Admin user...
CVE-2019-17310
CVE-2019-17310 affects SugarCRM (Campaigns module) prior to 8.0.4 and 9.x prior to 9.0.2. An Admin can inject PHP code due to input handling in Campaigns, enabling arbitrary code execution. Impact described as PHP code injection with potential for full system compromise; no exploit details provid...
CVE-2019-15748
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could execute arbitrary...
CVE-2019-15751
CVE-2019-15751 describes an unrestricted file upload in SITOS six Build v6.2.1. The vulnerability allows an unauthenticated attacker to upload a SCORM file with an executable extension to the web root, enabling remote code execution (e.g., PHP code to run OS commands). The CVE entry is supported ...
CVE-2019-15748
SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functionality to import a malicious SCORM package that includes a PHP file, which could execute arbitrary...
vBulletin 5.0 < 5.5.4 - 'updateAvatar' Authenticated Remote Code Execution
?php / --------------------------------------------------------------------- vBulletin = 5.5.4 updateAvatar Remote Code Execution Vulnerability --------------------------------------------------------------------- author..............: Egidio Romano aka EgiX mail................:...
CVE-2019-17188
An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs...
CVE-2019-17188
An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs...
Unrestricted file upload
An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs...
CVE-2019-17188
An unrestricted file upload vulnerability was discovered in catalog/productinfo/imageupload in Fecshop FecMall 2.3.4. An attacker can bypass a front-end restriction and upload PHP code to the webserver, by providing image data and the image/jpeg content type, with a .php extension. This occurs...
CVE-2019-17188
CVE-2019-17188 describes an unrestricted file upload in catalog/productinfo/imageupload of Fecshop/FecMall 2.3.4. An attacker can bypass front-end restrictions and upload PHP code to the webserver by supplying image data with image/jpeg content type and a .php extension, due to validation relying...
CVE-2008-5906
Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts...
CVE-2008-4811
The expandquotedtext function in libs/SmartyCompiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ backslash before a dollar-sign character...
CVE-2019-16722
ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an strireplace operation...
CVE-2019-16722
ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an strireplace operation...
Design/Logic Flaw
ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an strireplace operation...
CVE-2019-16722
CVE-2019-16722 affects ZZZCMS zzzphp v1.7.2. The vulnerability arises from an insufficient protection mechanism against PHP Code Execution, where a passthru call bypasses a str_ireplace operation. The connected documents consistently describe this flaw across sources (Red Hat, NVD, CVE registries...
CVE-2019-16722
ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an strireplace operation...
Code injection
joyplus-cms 1.6.0 allows remote attackers to execute arbitrary PHP code via /install by placing the code in the name of an object in the database...