CVE-2020-21322
CVE-2020-21322 is an arbitrary file upload vulnerability in Feehi CMS v2.0.8 and earlier that allows an attacker to execute arbitrary PHP code via a crafted file. Affected: Feehi CMS (PHP-based). Root cause: improper handling of uploaded files enabling code execution. Impact: remote code executio...
CVE-2020-21322
An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file...
in dmpop/mejiro
Description: Uploaded files represent a significant risk to applications. The first step in many attacks is to get some code to the system to be attacked. Then the attack only needs to find a way to get the code executed. Using a file upload helps the attacker accomplish this...
CVE-2020-20672
An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file...
CVE-2020-20672
KiteCMS v1.1 contains an arbitrary file upload vulnerability in /admin/upload/uploadfile that allows an attacker to getshell by uploading a crafted PHP file. Multiple sources (NVD/CVE, CNVD, Red Hat advisories, OSV, CVE lists) corroborate the flaw as an arbitrary file upload in KiteCMS with impac...
CVE-2020-19267
An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file...
Code injection
An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file...
GHSA-R6MV-PPJC-4HGR PHP file inclusion via insert tags
Impact: It is possible for untrusted users to load arbitrary PHP files via insert tags. Installations are only affected if there are untrusted back end users. Patches: Update to Contao 4.4.56, 4.9.18 or 4.11.7. Workarounds: Disable the login for untrusted back end users. References...
PHP file inclusion via insert tags
Impact: It is possible for untrusted users to load arbitrary PHP files via insert tags. Installations are only affected if there are untrusted back end users. Patches: Update to Contao 4.4.56, 4.9.18 or 4.11.7. Workarounds: Disable the login for untrusted back end users. References...
Simple School Staff Directory <= 1.1 - Admin+ Arbitrary File Upload
The plugin does not validate uploaded logo pictures to ensure that they are indeed images, allowing high-privilege users such as admin to upload arbitrary files such as PHP, leading to RCE. As admin, upload a PHP file via the Add Logo page of the plugin...
Email Artillery <= 4.1 - Arbitrary File Upload
The plugin does not properly check the uploaded files from the Import Emails feature, allowing arbitrary files to be uploaded. Furthermore, the plugin also lacks any CSRF check, allowing the issue to be exploited via a CSRF attack as well. However, due to the presence of a .htaccess, denyin...
Code injection
Contao is an open source CMS that allows you to create websites and scalable web applications. In affected versions it is possible to load PHP files by entering insert tags in the Contao back end. Installations are only affected if they have untrusted back end users who have the rights to modify...
PHP file inclusion via insert tags
Date: 2021-08-11. CVE ID: CVE-2021-37626. Description: It is possible for untrusted users to load arbitrary PHP files via insert tags. Installations are only affected if there are untrusted back end users. Affected versions: Contao 4.0, Contao 4.1, Contao 4.2, Contao 4.3, Contao 4.4 up to 4.4.55, Contao...
Design/Logic Flaw
The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.2.0 did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE...
CVE-2020-20698
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file...
Remote code execution
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file...