CVE-2021-41662
CVE-2021-41662 affects South Gate Inn Online Reservation System v1.0. The vulnerability is an SQL injection that can be chained with a malicious PHP file upload caused by improper file handling in the editImg function, enabling remote code execution. Documented CVSSv3.1 impact is Critical (9.8) w...
CVE-2021-41661
Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell...
CVE-2022-1657
Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File Inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action AJAX action present in the...
The vulnerability of the conf_id parameter in the TrueConf Server software lies in the possibility of bypassing the path in the script /client/upsld/v1. This allows a perpetrator to execute arbitrary code by writing a specially crafted PHP file into a folder accessible through the web interface.
The vulnerability of the conf_id parameter in the TrueConf Server software relates to the possibility of bypassing the path in the script /client/upsld/v1. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by writing a specially crafted PHP file to a folder accessibl...
CVE-2022-31991
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=deletecourt...
CVE-2022-29659
Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php...
CVE-2022-29725
An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-29624
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-29651
An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-29651
The CVE-2022-29651 entry pertains to Online Food Ordering System v1.0, where an arbitrary file upload vulnerability in the Select Image feature can be exploited by uploading a crafted PHP file to achieve remote code execution. Available sources (NVD/NIST, Red Hat, CNVD, CVE listings) confirm the ...
Magento remote code execution vulnerability
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies a product design update. As per the Magento...
GHSA-4V2Q-HJX3-C4VR Magento remote code execution vulnerability
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies a product design update. As per the Magento...
GHSA-6JF9-8M34-96W5 TeamPass PHP arbitrary file include vulnerability
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...
GHSA-7PR3-34RG-G53M Magento Unrestricted file upload vulnerability
An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform an uploaded JPEG file into a PHP file...