
2593 matches found

CVE
added 2025/07/23 12:0 a.m. | 19 views

CVE-2025-46099

CVE-2025-46099 affects Pluck CMS 4.7.20-dev. An authenticated attacker can upload or create a crafted PHP file in the albums module directory and access it via the albums.site.php routing logic, enabling arbitrary command execution through a GET parameter. Root cause: flaw in the module routing l...

7.2 CVSS | 6.9 AI score | 0.00505 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2025/07/23 12:0 a.m. | 10 views

CVE-2025-46099

In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic in albums.site.php, resulting in arbitrary command execution through a GET parameter...

0.00505 EPSS
Exploits: 1 | References: 2
RedhatCVE
added 2025/07/20 12:51 a.m. | 9 views

CVE-2025-46001

An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.8 CVSS | 7.5 AI score | 0.00641 EPSS
Exploits: 1 | References: 1
OSV
added 2025/07/18 3:31 p.m. | 4 views

GHSA-M5HW-RHVR-F47C simogeo/filemanager arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.8 CVSS | 7.2 AI score | 0.00641 EPSS
Exploits: 1 | References: 4
NVD
added 2025/07/18 2:15 p.m. | 4 views

CVE-2025-46001

An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

9.8 CVSS | 0.00641 EPSS
Exploits: 1 | References: 3
CVE
added 2025/07/18 12:0 a.m. | 39 views

CVE-2025-46001

CVE-2025-46001 affects simogeo/filemanager (Filemanager) version 2.3.0. The flaw is in is_allowed_file_type() and allows uploading a crafted PHP file, enabling remote code execution. CVSS v3.1 score is 9.8 (critical) with network attack vector, no user interaction, and no privileges required. Mul...

9.8 CVSS | 7.5 AI score | 0.00641 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2025/07/18 12:0 a.m. | 5 views

CVE-2025-46001

An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

7.3 AI score | 0.00641 EPSS
Exploits: 1 | References: 3
Cvelist
added 2025/07/18 12:0 a.m. | 9 views

CVE-2025-46001

An arbitrary file upload vulnerability in the isallowedfiletype function of Filemanager v2.3.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

0.00641 EPSS
Exploits: 1 | References: 3
CNNVD
added 2025/07/14 12:0 a.m. | 3 views

SEMCMS Security Vulnerability

SEMCMS is an open source content management system (CMS) for foreign trade websites that supports multiple languages. A security vulnerability exists in SEMCMS v5.0, which originates from SQL injection via the pid parameter in SEMCMSQuanxian.php...

5.4 CVSS | 7.9 AI score | 0.00254 EPSS
Exploits: 1 | References: 4
CNNVD
added 2025/07/12 12:0 a.m. | 4 views

PHPGurukul Vehicle Parking Management System Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter del in the file /admin/reg-users.php that lacks validation of externally entered SQL statements. An attacker can...

8.8 CVSS | 8.1 AI score | 0.00318 EPSS
Exploits: 1 | References: 6
CNVD
added 2025/07/11 12:0 a.m. | 9 views

WordPress PrivateContent-Mail Actions File Inclusion Vulnerability

WordPress PrivateContent-Mail Actions is the name of the plugin or feature module for mail actions and member management. WordPress PrivateContent-Mail Actions suffers from a file inclusion vulnerability that stems from improper file inclusion control, which can be exploited by an attacker to cau...

7.5 CVSS | 7.1 AI score | 0.00422 EPSS
Exploits: 0 | References: 1
GithubExploit
added 2025/07/10 1:9 a.m. | 405 views

Exploit for CVE-2025-34085

📂 Simple File List – Unauthenticated RCE Exploit CVE-2025-340...

8.4 AI score
Exploits: 9
OSV
added 2025/07/08 7:15 a.m. | 3 views

CVE-2025-7166

A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been classified as critical. This affects an unknown part of the file /single.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

8.8 CVSS | 5.8 AI score | 0.00318 EPSS
Exploits: 1 | References: 5
OSV
added 2025/07/08 7:15 a.m. | 1 views

CVE-2025-6746

The WoodMart plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.2.3 via the 'layout' attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server,...

8.8 CVSS | 6.3 AI score | 0.0047 EPSS
Exploits: 0 | References: 2
CNVD
added 2025/07/04 12:0 a.m. | 3 views

Daily Expense Manager update.php File SQL Injection Vulnerability

Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the parameters pname, pprice, and id in the file /update.php. No details of the vulnerabilit...

9.8 CVSS | 7.9 AI score | 0.0029 EPSS
Exploits: 0 | References: 1
OSV
added 2025/07/01 1:15 a.m. | 2 views

CVE-2025-6937

A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /large.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been...

9.8 CVSS | 5.8 AI score | 0.00394 EPSS
Exploits: 1 | References: 5
RedhatCVE
added 2025/06/27 3:17 p.m. | 5 views

CVE-2021-4457

The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server...

9.1 CVSS | 7.5 AI score | 0.00382 EPSS
Exploits: 1 | References: 1
Cvelist
added 2025/06/27 11:52 a.m. | 11 views

CVE-2025-24760 WordPress Sofass theme <= 1.3.4 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in goalthemes Sofass sofass allows PHP Local File Inclusion. This issue affects Sofass: from n/a through <= 1.3.4...

8.1 CVSS | 0.00489 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/06/27 12:0 a.m. | 4 views

WordPress plugin PrintXtore Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

8.1 CVSS | 6.4 AI score | 0.00489 EPSS
Exploits: 0 | References: 1
CNVD
added 2025/06/27 12:0 a.m. | 2 views

Inventory Management System fetchSelectedCategories.php File SQL Injection Vulnerability

Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of the categoriesId parameter in the /phpaction/fetchSelectedCategories.php file against externally entered SQL...

9.8 CVSS | 7.9 AI score | 0.00394 EPSS
Exploits: 1 | References: 1