2595 matches found
CVE-2022-30037
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php...
CVE-2023-1567
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assign/assign.php. The manipulation of the argument sid leads to cross site scripting. The attack may be...
CVE-2023-1364
A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The...
CVE-2023-23328
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file...
Unrestricted file upload
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file...
CVE-2023-23328
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file...
CVE-2023-23328
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file...
CVE-2023-1292
A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. This vulnerability affects the function deleteclient of the file classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. T...
CVE-2023-26949
An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-26949
An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file...
SQL Injection in 'core/ajax/ajax_data.php'
Description There exists an SQL injection affecting the edition parameter located in the file core/ajax/ajaxdata.php php $productEditionFilter = isset$GET"edition" and !empty$GET"edition" ? " productedition = '$GET"edition"' " : " producttype != 'Child' "; We see that $GET"edition" is appended...
GHSA-G857-47PM-3R32 laravel-admin has Arbitrary File Upload vulnerability
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file...
laravel-admin has Arbitrary File Upload vulnerability
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-24249
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-24249
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-24249
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-26038 ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...
CVE-2023-0962
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated...
K14574: PHP vulnerability CVE-2012-1172
Security Advisory Description PHP has been cited with the following vulnerability, which may be locally exploitable on some F5 products: The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it...
U.S. Dept Of Defense: Email exploitation with web hosting services.
A vulnerability allowed an attacker to send emails to anyone using an organization's email list and to its people by uploading a PHP file to the public HTML. The vulnerability could result in reputation loss, phishing attacks, and the theft of internal information. Mitigation measures were not...