2595 matches found
PT-2023-4770 · Unknown · Php-Fusion
Name of the Vulnerable Software and Affected Versions: PHPFusion affected versions not specified Description: The issue is related to insufficient sanitization of tainted file names that are directly concatenated with a path and subsequently passed to a require once statement. This allows arbitra...
Sql injection
SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php...
Prevent files / folders access < 2.5.2 - Admin+ Arbitrary File Upload
Description The plugin does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. PoC 1 Create a PHP file cmd.php with the contents 2 Go to https://example.com/wp-admin/admin.php?page=momediarestrict=privatedirectory 3 Then upload a fi...
Prevent files / folders access < 2.5.2 - Admin+ Arbitrary File Upload
Description The plugin does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. 1 Create a PHP file cmd.php with the contents 2 Go to https://example.com/wp-admin/admin.php?page=momediarestrict&tab=privatedirectory 3 Then upload a fi...
CVE-2023-4556
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqliquery of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2023-31941
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employeeinsert.php...
Unrestricted file upload
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employeeinsert.php...
Unrestricted file upload
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php...
CVE-2023-31946
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php...
CVE-2023-31941
File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employeeinsert.php...
CVE-2023-31941
CVE-2023-31941 concerns a file upload vulnerability in Online Travel Agency System v1.0. The Red Hat, NVD, and related entries converge on a remote code execution risk via uploading a crafted PHP file to employee_insert.php, enabling an attacker to execute arbitrary code. The common root cause is...
CVE-2023-33367
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution...
CVE-2023-4141
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...
CVE-2023-4141 WP Ultimate CSV Importer <= 7.9.8 - Authenticated (Author+) PHP File Creation to Remote Code Execution
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '-cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin...
CVE-2023-38947
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-38947
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-36212
File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function...
Unrestricted file upload
File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function...
CVE-2023-36212
File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function...
PT-2023-27814 · Unknown · Php Jabbers Service Booking Script
Name of the Vulnerable Software and Affected Versions: PHP Jabbers Service Booking Script version 1.0 Description: A vulnerability was found in the PHP Jabbers Service Booking Script, affecting unknown code of the file /index.php. The manipulation of the index argument leads to cross-site...