
7193 matches found

Positive Technologies
added 2025/08/05 12:0 a.m. · 4 views

PT-2025-31994 · Unknown · Php-Charts

Name of the Vulnerable Software and Affected Versions: PHP-Charts version 1.0
Description: PHP-Charts version 1.0 contains a PHP code execution issue in the wizard/url.php file. User-supplied GET parameter names are passed directly to the eval function without sanitization. A remote attacker can...

CVSS 10 · AI score 7.4 · EPSS 0.737
Exploits: 0 · References: 7

RedhatCVE
added 2025/08/04 9:33 a.m. · 5 views

CVE-2013-10051

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote...

CVSS 9.8 · AI score 7.9 · EPSS 0.8277
Exploits: 1 · References: 1

RedhatCVE
added 2025/08/02 8:22 p.m. · 3 views

CVE-2013-10035

A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPageAjax.php, and casesSchedulerGetPlugins.php, by supplying...

CVSS 8.7 · AI score 7.7 · EPSS 0.62311
Exploits: 0 · References: 1

NVD
added 2025/08/01 9:15 p.m. · 3 views

CVE-2013-10051

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote...

CVSS 9.8 · EPSS 0.8277
Exploits: 1 · References: 4

CVE
added 2025/08/01 8:41 p.m. · 17 views

CVE-2013-10051

InstantCMS

CVSS 9.8 · AI score 7.8 · EPSS 0.8277
Exploits: 1 · References: 4 · Affected Software: 1

Vulnrichment
added 2025/08/01 8:41 p.m. · 4 views

CVE-2013-10051 InstantCMS <= 1.6 Remote PHP Code Execution

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote...

CVSS 9.3 · AI score 7 · EPSS 0.8277
Exploits: 1 · References: 4

Positive Technologies
added 2025/08/01 12:0 a.m. · 5 views

PT-2025-31688 · Unknown · Instantcms

Name of the Vulnerable Software and Affected Versions: InstantCMS versions prior to 1.7
Description: A remote PHP code execution issue exists due to the unsafe use of the eval function within the search view handler. User-supplied input via the look parameter is concatenated into a PHP expression...

CVSS 9.3 · AI score 7.2 · EPSS 0.8277
Exploits: 1 · References: 7

Vulnrichment
added 2025/07/31 3:0 p.m. · 2 views

CVE-2013-10035 ProcessMaker Open Source < 2.5.2 neoclassic Skin PHP Code Execution

A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPageAjax.php, and casesSchedulerGetPlugins.php, by supplying...

CVSS 8.7 · AI score 7.7 · EPSS 0.62311
Exploits: 0 · References: 5

Cvelist
added 2025/07/31 3:0 p.m. · 6 views

CVE-2013-10035 ProcessMaker Open Source < 2.5.2 neoclassic Skin PHP Code Execution

A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPageAjax.php, and casesSchedulerGetPlugins.php, by supplying...

CVSS 8.7 · EPSS 0.62311
Exploits: 0 · References: 5

CVE
added 2025/07/31 3:0 p.m. · 11 views

CVE-2013-10035

ProcessMaker Open Source with the default neoclassic skin (versions 2.0.23–2.5.1) is affected by a code execution vulnerability. An authenticated user can exploit endpoints (e.g., appFolderAjax.php, casesStartPage_Ajax.php, cases_SchedulerGetPlugins.php) by sending crafted POST parameters (action...

CVSS 8.7 · AI score 7.8 · EPSS 0.62311
Exploits: 0 · References: 5

NVD
added 2025/07/26 8:15 a.m. · 2 views

CVE-2025-6991

The kallyas theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.21.0 via the 'THLatestPosts4 widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server...

CVSS 7.5 · EPSS 0.00243
Exploits: 0 · References: 2

Vulnrichment
added 2025/07/26 7:23 a.m. · 1 views

CVE-2025-6991 Kallyas <= 4.21.0 - Authenticated (Contributor+) Local File Inclusion

The kallyas theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.21.0 via the 'THLatestPosts4 widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server...

CVSS 7.5 · AI score 7.2 · EPSS 0.00243
Exploits: 0 · References: 2

RedhatCVE
added 2025/07/25 10:10 p.m. · 6 views

CVE-2016-15044

A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata G...

CVSS 9.3 · AI score 7.5 · EPSS 0.75971
Exploits: 0 · References: 1

NVD
added 2025/07/25 4:15 p.m. · 2 views

CVE-2014-125116

A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated...

CVSS 9.3 · EPSS 0.6751
Exploits: 0 · References: 6

SUSE CVE
added 2025/07/24 12:2 a.m. · 1 views

SUSE CVE-2015-10141

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

CVSS 9.3 · AI score 8.4 · EPSS 0.65707
Exploits: 0 · References: 3

NVD
added 2025/07/23 10:15 p.m. · 5 views

CVE-2016-15044

A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata G...

CVSS 9.3 · EPSS 0.75971
Exploits: 0 · References: 4

CVE
added 2025/07/23 10:2 p.m. · 11 views

CVE-2016-15044

Kaltura

CVSS 9.3 · AI score 7.5 · EPSS 0.75971
Exploits: 0 · References: 4

OSV
added 2025/07/23 2:15 p.m. · 1 views

DEBIAN-CVE-2015-10141

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

CVSS 9.3 · AI score 6.3 · EPSS 0.65707
Exploits: 0 · References: 1

Cvelist
added 2025/07/23 1:53 p.m. · 9 views

CVE-2015-10141 Xdebug Remote Debugger Unauthenticated OS Command Execution

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

CVSS 9.3 · EPSS 0.65707
Exploits: 0 · References: 6

Vulnrichment
added 2025/07/23 1:53 p.m. · 3 views

CVE-2015-10141 Xdebug Remote Debugger Unauthenticated OS Command Execution

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

CVSS 9.3 · AI score 7.9 · EPSS 0.65707
Exploits: 0 · References: 6