2595 matches found
Arbitrary file deletion
BabyGekko before 1.2.4 allows PHP file inclusion...
CVE-2012-5699
BabyGekko before 1.2.4 allows PHP file inclusion...
Unspecified Vulnerability in Logaritmo Aware CallManager
Logaritmo Aware CallManager is an enterprise telephone call management system. A security vulnerability exists in the CSV upload feature of the /supervisor/procesacarga.php file in the 2012 version of Logaritmo Aware CallManager, which can be exploited by an attacker accessing the /supervisor/csv...
Denial Of Service (DoS)
dompdf is vulnerable to denial of service (DoS). The attack exists because dompdf.php does not handle the parsing of PHP files properly, allowing an attacker to consume memory by providing files such as dompdfconfig.inc.php...
SQL Injection Vulnerability in me***.php file of Yunye CMS frontend
Yunye CMS is an enterprise website building system developed by Luoyang Yunye Information Technology Co. There is a SQL injection vulnerability in the me.php file in the frontend of Yunye CMS. Attackers can use the vulnerability to obtain sensitive information in the database...
Complaint Management System 4.0 Remote Code Execution
Exploit Title: Complaint Management System 4.0 - Remote Code Execution Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.0 Category: Webapps Tested on: Xampp for Windows Description: There...
Complaint Management System 4.0 - Remote Code Execution
Complaint Management System 4.0 - Remote Code Execution Exploit Title: Complaint Management System 4.0 - Remote Code Execution Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.0 Category:...
Remote code execution
An issue was discovered on Alcatel-Lucent OmniVista 8770 devices before 4.1.2. An authenticated remote attacker, with elevated privileges in the Web Directory component on port 389, may upload a PHP file to achieve Remote Code Execution as SYSTEM...
The vulnerability of the openregion.security module of the “Open Region” platform, which arises due to insufficient validation of input data, allows attackers to execute arbitrary code or carry out cross-site scripting attacks.
The vulnerability of the “Open Region” platform exists due to insufficient verification of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or perform a cross-site scripting attack by uploading files with extensions .pht, .php7, .php5, .php3, .php4,...
The vulnerability of the openregion.security module of the “Open Region” platform allows a perpetrator to execute arbitrary commands.
The vulnerability of the openregion.security module of the “Open Region” platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by uploading a php file to the server via a POST request...
CVE-2019-19595
reset/modules/advancedformmakeredit/multiupload/upload.php in the RESET.PRO Adobe Stock API integration 4.8 for PrestaShop allows remote attackers to execute arbitrary code by uploading a .php file...
CVE-2019-19594
reset/modules/fotoliaFoto/multiupload.php in the RESET.PRO Adobe Stock API Integration for PrestaShop 1.6 and 1.7 allows remote attackers to execute arbitrary code by uploading a .php file...
SQL Injection Vulnerability in the ca***.php file of Yunye CMS Backend
Yunye CMS is an enterprise website building system developed by Luoyang Yunye Information Technology Co. There is a SQL injection vulnerability in the backend ca.php file of Yunye CMS. Attackers can use the vulnerability to obtain sensitive information in the database...
CVE-2019-14467
The Social Photo Gallery plugin 1.0 for WordPress allows Remote Code Execution by creating an album and attaching a malicious PHP file in the cover photo album, because the file extension is not checked...
SITOS six Build code issue vulnerability (CNVD-2019-42386)
SITOS is a modular e-learning system. The system includes features such as audio playback, video playback, forums, blogs and social media. A code issue vulnerability exists in SITOS six Build v6.2.1. The vulnerability stems from an improperly designed or implemented code development process for a...
Design/Logic Flaw
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...
SQL injection vulnerability in in***.php file of Laikai e-commerce system (CNVD-2020-00181)
Laike e-commerce system is an open source e-commerce system. Laike e-commerce system in.php file contains a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database...
CVE-2019-8154
A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to modify product catalogs can trigger PHP file inclusion through a crafted XML file that specifies product design update...