EUVD-2026-17875

MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve...

CVE-2026-3300

The Everest Forms Pro plugin for WordPress is vulnerable to Remote Code Execution via PHP Code Injection in all versions up to, and including, 1.9.12. This is due to the Calculation Addon's processfilter function concatenating user-submitted form field values into a PHP code string without proper...

CVE-2025-15445 Restaurant Cafeteria <= 0.4.6 - Subscriber+ Arbitrary Plugin Installation/Activation

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...

CVE-2021-27230

ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an lang.php file under the system/user/language directory...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload when the application accepts or prefers a client-supplied MIME type. An attacker can upload files containing executable PHP code by submitting files with a benign MIME type, potentially leading to code execution if...

Laravel-Mediable 安全漏洞

Laravel-Mediable is a Laravel media file management package developed by Plank. Versions of Laravel-Mediable 6.4.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the application accepting or favoring the MIME types provided by the client when processing file uploads...

AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload

Summary The ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An attacker can upload a polyglot file valid JPEG magic bytes followed by PHP cod...

CraftCMS generate-transform command injection

Added: 03/25/2026 Background CraftCMS is a content management system written in PHP. Problem A vulnerability in CraftCMS allows remote attackers to inject arbitrary PHP code into the session file and then execute it using a specially crafted request to generate-transform. Resolution Upgrade to...

CVE-2026-33647 AVideo Vulnerable to Remote Code Execution via MIME/Extension Mismatch in ImageGallery File Upload

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the ImageGallery::saveFile method validates uploaded file content using finfo MIME type detection but derives the saved filename extension from the user-supplied original filename without an allowlist check. An...

CVE-2026-33479

CVE-2026-33479 is tied to a0 Video (AVideo) Gallery plugin vulnerability where saveSort.json.php eval() executes unsanitized input from $_REQUEST['sections']. An admin-authenticated session is exfiltrated via CSRF because there is no CSRF protection and cookies are configured with SameSite=None, ...

CVE-2026-33479 AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSR...

CVE-2026-33479 AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSR...

AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

Summary The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...

GHSA-XGGW-G9PM-9QHH AVideo has PHP Code Injection via eval() in Gallery saveSort.json.php Exploitable Through CSRF Against Admin

Summary The Gallery plugin's saveSort.json.php endpoint passes unsanitized user input from $REQUEST'sections' array values directly into PHP's eval function. While the endpoint is gated behind User::isAdmin, it has no CSRF token validation. Combined with AVideo's explicit SameSite=None session...

CVE-2026-33035 Unauthenticated Reflected XSS via innerHTML in AVideo

WWBN AVideo is an open source video platform. In versions 25.0 and below, there is a reflected XSS vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser. User input from a URL parameter flows through PHP's jsonencode into a JavaScript function...

AVideo Affected by Stored XSS via Unescaped Video Title in CDN downloadButtons.php

Summary WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The cleantitle field of a video record is interpolated directly into a JavaScript string literal without any escaping, allowing an attacker who can create or modify a video to...

CVE-2026-23489

Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to version 1.23.3, it is possible to execute arbitrary PHP code from users that are allowed to create dropdowns. This issue has been patched in version 1.23.3...

web-attack-payloads

Web Attack Payloads Collection !Cybersecurityhttps://img.s...

EUVD-2026-10811

GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...

CVE-2026-28495 GetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.php

GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...