2595 matches found
CVE-2021-41597
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive...
PT-2022-11437 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.11.21 and earlier Description: The issue allows for remote code execution via the UpgradeWizard functionality if a PHP file is included in a ZIP archive. This is made possible by a CSRF vulnerability. Recommendations: For...
WP Ultimate CSV Importer < 6.4.1 - Subscriber+ Arbitrary File Upload
The plugin does not have authorisation and CSRF checks when uploading zip files via the zipupload AJAX call, and does not perform any check on the files to be extracted. As a result, any authenticated user, such as a subscriber, could upload an archive with PHP files in it, leading to RCE. As any...
CVE-2021-25051
The Modal Window WordPress plugin before 5.2.2, within the wow-company admin menu page, allows including an arbitrary file with a PHP extension, as well as files via the data:// or http:// protocols, thus leading to RCE via CSRF...
SEUR Oficial < 1.7.2 - Admin+ Arbitrary File Download
The plugin creates a PHP file with a random name when installed. Although it is intended for support purposes, it allows downloading any file from the web server without restriction once the URL and a password that an administrator can see in the plugin settings page are known. PoC Navigate to...
GHSA-VX6J-PJRH-VGJH PHP file inclusion in the Sulu admin panel
Impact: An attacker can read arbitrary local files via a PHP file include. In a default configuration this also leads to remote code execution. Compromised components: arbitrary file read on the server, potential remote code execution. Exploitation...
Design/Logic Flaw
An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files...
PhpWhois cross-site scripting vulnerability
PhpWhois is a PHP Whois library by Spanish individual developer David Saez Padros. A cross-site scripting vulnerability exists in PhpWhois, originating in the file example.php, where the exit function terminates the script and prints a message to the user. No detailed...
CVE-2021-36697
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP...
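The Pandora FMS entry turns on a single line of .htaccess: a RewriteRule whose T= flag assigns the PHP MIME type to an otherwise harmless extension. The following is an added example, not Pandora FMS code, of a checker that an application's file-manager or deploy pipeline could run over any .htaccess it is about to write, flagging the directives that hand files to the PHP handler (AddType/AddHandler/SetHandler with a PHP type, RewriteRule with a T= flag naming PHP, and php_value auto_prepend_file/auto_append_file). The directive spellings follow Apache's mod_mime, mod_rewrite and mod_php documentation; the sample .htaccess is constructed for the demonstration, and the real fix is AllowOverride None (or at least excluding FileInfo) on directories the application can write to.

```python
import re

# A handler/MIME argument that means "run this through PHP".
PHP_TYPE_RE = re.compile(r"x-httpd-php|php", re.IGNORECASE)

# (directive name, regex whose group 1 is the argument we need to inspect)
DIRECTIVES = [
    # AddType application/x-httpd-php .txt    -> .txt files run as PHP
    ("AddType", re.compile(r"^\s*AddType\s+(\S+)\s+\S", re.IGNORECASE)),
    # AddHandler php-script .txt              -> same effect via handler name
    ("AddHandler", re.compile(r"^\s*AddHandler\s+(\S+)\s+\S", re.IGNORECASE)),
    # SetHandler application/x-httpd-php      -> every file in the directory
    ("SetHandler", re.compile(r"^\s*SetHandler\s+(\S+)", re.IGNORECASE)),
    # RewriteRule pat target [T=application/x-httpd-php]  (the Pandora FMS trick)
    ("RewriteRule", re.compile(r"^\s*RewriteRule\s+\S+\s+\S+\s+\[([^\]]*)\]", re.IGNORECASE)),
    # php_value auto_prepend_file x           -> attacker code runs on every request
    ("php_value", re.compile(
        r"^\s*php_(?:value|flag|admin_value)\s+(auto_prepend_file|auto_append_file)\b",
        re.IGNORECASE)),
]


def php_handler_directives(htaccess_text: str) -> list:
    """Return [(directive, line_number, line)] for lines that would make Apache
    execute non-.php content as PHP or inject PHP into every request."""
    findings = []
    for lineno, raw in enumerate(htaccess_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for name, pattern in DIRECTIVES:
            match = pattern.match(line)
            if not match:
                continue
            arg = match.group(1)
            if name == "RewriteRule":
                # Only the flag list matters; a PHP *target* URL is ordinary routing.
                flags = [f.strip() for f in arg.split(",")]
                hit = any(f.upper().startswith("T=") and PHP_TYPE_RE.search(f) for f in flags)
            elif name == "php_value":
                hit = True
            else:
                hit = bool(PHP_TYPE_RE.search(arg))
            if hit:
                findings.append((name, lineno, line))
            break
    return findings


# Constructed sample: rules the application legitimately ships, followed by the
# kind of block an attacker with File Manager write access would append.
SAMPLE_HTACCESS = r"""# application-owned rules
RewriteEngine On
RewriteRule ^images/(.*)$ /img.php?f=$1 [L]
AddType image/svg+xml .svg
Options -Indexes

# injected block (constructed for this example)
RewriteRule ^(.*)\.pdf$ - [T=application/x-httpd-php,L]
AddType application/x-httpd-php .txt
php_value auto_prepend_file /var/www/html/uploads/note.txt
"""

if __name__ == "__main__":
    for directive, lineno, line in php_handler_directives(SAMPLE_HTACCESS):
        print(f"line {lineno}: {directive}: {line}")
```

The checker is deliberately a denylist of known-bad directives, which is the wrong tool as a sole control: Apache accepts many more ways to change handlers (Action, ForceType, <FilesMatch> blocks), so it belongs alongside AllowOverride restrictions, not in place of them.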
CVE-2021-41646
Remote Code Execution RCE vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters...
CVE-2021-41644
Remote Code Execution RCE vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters...