CVE-2023-41505
An arbitrary file upload vulnerability in the Add Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
[SECURITY] [DLA 3756-1] wordpress security update
Debian LTS Advisory DLA-3756-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany March 10, 2024 https://wiki.debian.org/LTS Package : wordpress Version : 5.0.21+dfsg1-0+deb10u1 CVE ID : not yet available Two security vulnerabilities have been discovered in WordPress...
BIT-LIMESURVEY-2022-48008
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file...
BoidCMS Command Injection
This module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS version 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file. Module Options msf use exploit/multi/http/cve202338836boidcms msf...
CVE-2024-26450
An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's dashboard, executing remote JavaScript. This...
Cross-Site Request Forgery (CSRF)
An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's dashboard, executing remote JavaScript. This...
CVE-2024-25869
An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component...
CVE-2023-41506
An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2024-1701
A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been...
CVE-2024-23762
Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file...
Fedora 38 : wordpress (2024-df1cdcb0de)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-df1cdcb0de advisory. WordPress 6.4.3 Maintenance and Security release See upstream announcement Security updates included in this release m4tuto for finding a PHP File Upload...
Fedora 39 : wordpress (2024-2b30739a76)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-2b30739a76 advisory. WordPress 6.4.3 Maintenance and Security release See upstream announcement Security updates included in this release m4tuto for finding a PHP File Upload...
The vulnerabilities of the functions setTemplate(), renderPhp(), and pathJoin() of the Shield Security plugin—a WordPress content management system for smart bot blocking and intrusion prevention—allow attackers to load arbitrary PHP files.
The vulnerabilities of the setTemplate, renderPhp, and pathJoin functions in the Shield Security plugin—a system for WordPress content management with Smart Bot Blocking & Intrusion Prevention features—are related to improper external manipulation of file names or file paths. Exploiting these...
WordPress Multiple Vulnerabilities (Jan 2024) - Linux
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...
WordPress Multiple Vulnerabilities (Jan 2024) - Windows
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...
The WordPress 6.4.3 Security Update – What You Need to Know
Today, January 30, 2024, WordPress released version 6.4.3, which contains two security patches for longstanding, albeit minor, security concerns in WordPress Core. The first patch addresses an issue that allows users with Administrator or Super Administrator on Multisite privileges to upload PHP...
PT-2024-16217 · Openbi · Openbi
Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8 Description: A critical issue affects the uploadIcon function of the file /application/index/controller/Screen.php in the Icon Handler component, leading to unrestricted upload. The attack can be initiated remotely...
The vulnerability of the setNatConfig function in the /Interface/DevManage/VM.php file of the urban terminal software allows a violator to execute arbitrary commands.
The vulnerability of the setNatConfig function in the /Interface/DevManage/VM.php file of the urban terminal microprogramming system for intelligent traffic control of Uniview ISC 2500-S exists due to the lack of measures to neutralize special elements used in the operating system commands...
Smsot SQL Injection Vulnerability
Smsot is a professional community operation solution by China Motech Smsot. A SQL injection vulnerability exists in Smsot 2.12 and earlier versions, which stems from the parameter datasign in the file /api.php that can lead to SQL injection...