2595 matches found
SQL Injection Vulnerability in CloudYou CMS Ma***.php File
CloudYou CMS is a free and open source urban substation content management system built on the TP5.0 framework. The CloudUnion CMS Ma.php file has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive database information...
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion exploit-inc-inclusion.py !/usr/bin/env python3 from horde import Horde import subprocess import sys TEMPDIR = '/tmp' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password = sys.argv3 filename = sys.argv4 phpcode =...
Horde Groupware Webmail Edition 5.2.22 - PHP File Inclusion
exploit-inc-inclusion.py !/usr/bin/env python3 from horde import Horde import subprocess import sys TEMPDIR = '/tmp' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password = sys.argv3 filename = sys.argv4 phpcode = sys.argv5 log into the web application horde = Hordebaseurl,...
SQL Injection Vulnerability in CloudYou CMS Ar***.php File
CloudYou CMS is a free and open source urban substation content management system built on the TP5.0 framework. The CloudUnion CMS Ar.php file has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive database information...
CVE-2020-5256
BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users...
Information disclosure
BookStack before version 0.25.5 has a vulnerability where a user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users...
CVE-2020-9454
A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploa...
Cross site request forgery (csrf)
A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploa...
LaySNS suffers from SQL injection vulnerability in in***.php file
LaySNS is a lightweight, integrated content management and community interaction website management system based on ThinkPHP+Layui architecture. LaySNS has a SQL injection vulnerability in the in.php file, which can be exploited by attackers to obtain sensitive database information...
CVE-2020-8500
In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality...
Code injection
In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality...
PT-2020-20179 · Artica · Artica Pandora Fms
Name of the Vulnerable Software and Affected Versions: Artica Pandora FMS version 7.42 Description: The issue allows Web Admin users to execute arbitrary code by uploading a .php file via the Updater or Extension component. However, the vendor reports that this functionality is intended...
Code Execution Vulnerability in Vanno Enterprise Website Management System ch***.php File
Vanno Enterprise Website Management System is a website content management system based on a full DIV+CSS template. A code execution vulnerability exists in the file ch.php in Vanno's enterprise website management system. An attacker can exploit the vulnerability to execute arbitrary code...
SQL Injection Vulnerability in SemCMS SE***_Im***.php File
SemCMS is an open source foreign trade enterprise website management system, written in PHP, that can run under Windows or Linux. The SemCMS SEIm.php file has a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive information in the database...
SQL injection vulnerability in Zendo Project Management Software co***.php file
Zendo Project Management Software is homegrown open source project management software. The Zendo Project Management Software co.php file has a SQL injection vulnerability. An attacker can exploit the vulnerability to obtain sensitive database information...
SQL injection vulnerability in In***.php file of MyuCMS open source content management system (CNVD-2020-18786)
The MyuCMS open source content management system is developed using ThinkPHP: community mall aggregation, plug-ins, templates, lightweight, fast and easy to expand. The MyuCMS open source content management system In.php file has a SQL injection vulnerability. Attackers can exploit the vulnerability to obtain...
PT-2020-20292 · Salesagility · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.11.12 Description: The issue allows Directory Traversal, enabling the inclusion of arbitrary .php files within the webroot via the add to prospect list function. Recommendations: For SuiteCRM versions prior to...
Exploit for Unrestricted Upload of File with Dangerous Type in Artica Pandora_Fms
CVE-2020-5844 Authenticated RCE in PandoraFMS 7.0-NG 742 A...
CVE-2012-5699
BabyGekko before 1.2.4 allows PHP file inclusion...