Remote file inclusion
Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any php file via the /pandoraconsole/ajax.php ajax endpoint...
CVE-2018-12046
DedeCMS through 5.7SP2 allows arbitrary file write in dede/filemanagecontrol.php via a dede/filemanageview.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file...
SITEMAKIN SLAC SQL Injection Vulnerability
SITEMAKIN SLAC (Site Login and Access Control) is a website login and access control software. A SQL injection vulnerability exists in the 'myitemsearch' parameter of the users.php file in SITEMAKIN SLAC version 1.0. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
NUUO NVRmini 2 < 3.9.1 File Upload Vulnerability - Active Check
NUUO NVRmini 2 devices are prone to a file upload vulnerability...
CScms Cross-Site Request Forgery Vulnerability
CScms is a content management system (CMS) developed on a CI framework. A cross-site scripting vulnerability exists in the plugins/sys/admin/Sys.php file in CScms version 4.1. A remote attacker can exploit this vulnerability to change the administrator name and password with the help of the...
CVE-2018-10515
In CMS Made Simple (CMSMS) through 2.2.7, the "file unpack" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive...
ExpressionEngine: RCE By import channel field
The reporter determined that a malicious Channel Set could be used to allow an administrator to upload a PHP file that they might otherwise not have permission to upload. Combined with the temporary folder name algorithm being available in the source code, the malicious administrator could...
Security feature bypass
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using special...
CVE-2018-5779
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to copy a malicious script into a newly generated PHP file and then execute the generated file using special...
SQL Injection Vulnerability in cms js/comments.php File
Search once cms video program is an intelligent site-building system for ASP + MSSQL/ACCESS and PHP + MYSQL environments. A SQL injection vulnerability exists in the js/comments.php file of the PHP version of Search once cms v1.6; an attacker can use the vulnerability to obtain database...
PT-2018-18247 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.5.1.1740 Description: There is a reported issue in Z-BlogPHP where the cmd.php file is susceptible to XSS attacks via the ZC BLOG SUBNAME parameter or the ZC UPLOAD FILETYPE parameter. However, the software maintainer...
CVE-2018-7434
zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qqconnect2.0/API/class/ErrorCase.class.php or 3/ucenterapi/code/friend.php...
Schools Alert Management Script 2.0.2 Arbitrary File Upload / Remote Code Execution
Exploit Title: Schools Alert Management Script - 2.0.2 - Arbitrary File Upload / Remote Code Execution Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author:...
Local File Inclusion Vulnerability in phpyun v4.3.1 Beta
PHP cloud talent system (phpyun) is an open source recruitment and hiring solution for job seekers and enterprises, built using PHP and a MySQL database. A local file inclusion vulnerability exists in phpyun v4.3.1 Beta. An attacker can obtain a webshell by including an external php file to execute a...
CVE-2018-5700
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copyfolderfile call in inc/class.ftpfolder.php to move a .php file from the FTP folder into a web folder...
Arbitrary Code Execution
October CMS is vulnerable to arbitrary code execution. The library does not restrict the files that can be uploaded, allowing a malicious user to upload a malicious PHP file to the server that can get executed...
WP Support Plus Responsive Ticket System < 8.0.8 - Remote Code Execution
WP Support Plus Responsive Ticket System Choose a file ending with .phtml: After doing this, an uploaded file can be accessed at, say: http://example.com/wp-content/uploads/wpsp/1510248571filename.phtml...
WP Support Plus Responsive Ticket System < 8.0.8 - Remote Code Execution
WP Support Plus Responsive Ticket System <= 8.0.7 allows anyone to upload PHP files with extensions like ".phtml", ".php4", ".php5", and so on, all of which are run as if their extension was ".php" on most hosting platforms. This is because "includes/admin/attachment/uploadAttachment.php" contains...