CVE-2024-3707
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file...
CVE-2024-3707 Exposure of Information Through Directory Listing vulnerability in OpenGnsys
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d Espeto. This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file...
CVE-2024-3707
OpenGnsys version 1.1.1d (Espeto) is affected by CVE-2024-3707, an information exposure vulnerability in the web interface that allows an attacker to enumerate all files in the web tree by accessing a PHP file. The issue is described as a directory-listing / information disclosure flaw in OpenGns...
OpenGnsys Security Vulnerability
OpenGnsys is an open source computing device management software from the Spanish OpenGnsys project. A security vulnerability exists in OpenGnsys version 1.1.1d Espeto, which stems from the presence of an information exposure vulnerability that allows an attacker to enumerate all files in the Web...
Online Courseware Cross-Site Scripting Vulnerability
DPEC Online Courseware is an online courseware system from DPEC. A cross-site scripting vulnerability exists in version 1.0 of Online Courseware, caused by a cross-site scripting flaw in the id parameter of the editt.php file...
CVE-2024-31210 PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
VulnCheck KEV: CVE-2024-31231
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sizam Design Rehub allows PHP Local File Inclusion. This issue affects Rehub: from n/a through 19.6.1...
CVE-2024-29514
File Upload vulnerability in lepton v.7.1.0 allows remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2024-29514
CVE-2024-29514 affects Lepton v7.1.0. The vulnerability is a file-upload flaw that allows a remote, authenticated attacker to execute arbitrary PHP code by uploading a crafted file. Impact is high (remote code execution, authenticated access). Affected software is LeptonCMS/Lepton v7.1.0, with th...
CVE-2024-3131
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=savecategory. The manipulation of the argument id leads to sql injection. The attack can be initiated...
Orange Station 1.0 Shell Upload
Title: ORANGE STATION-1.0 File Upload Remote Code Execution Vulnerability Author: nu11secur1ty Date: 03/26/2024 Vendor: https://www.mayurik.com/ Software: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html Reference:...
Arbitrary Code Execution
ldap-account-manager vulnerable to arbitrary code execution. The vulnerability is due to improper log file path validation, allowing attackers to create a PHP file and log PHP code to it, which can be executed when accessed via the web...
CVE-2024-29515
File Upload vulnerability in lepton v.7.1.0 allows remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component...
CVE-2024-29515
The CVE is for LeptonCMS v7.1.0 (Lepton) and describes a File Upload vulnerability that enables a remote authenticated attacker to execute arbitrary PHP code by uploading crafted files to the save.php and config.php components. The root cause, as reflected across multiple sources, is improper han...
CVE-2024-23333 LAM vulnerable to Authenticated Remote Code Execution
LDAP Account Manager (LAM) is a web frontend for managing entries stored in an LDAP directory. LAM's log configuration allows specifying arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When th...
CVE-2024-2516
A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file home.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit h...
EyouCms Security Vulnerability
EyouCms (Eyou CMS) is an open source content management system (CMS) based on ThinkPHP, from China's Zanzan Network Technology. A security vulnerability exists in EyouCms v1.6.4, which stems from the existence of a PHP file inclusion vulnerability...
CVE-2023-41505
An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...