
2593 matches found

CNVD
added 2025/05/22 12:0 a.m., 3 views

Beauty Parlour Management System /forgot-password.php File SQL Injection Vulnerability

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in t...

9.8 CVSS, 8.2 AI score, 0.00421 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/05/21 9:1 p.m., 7 views

CVE-2005-2325

Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full path of the web root via a direct request to (1) ticker.php, (2) menu.php, (3) banned.php, (4) endlayout.php, (5) randomhlinesblock.php, (6) showlast.php, (7) showlast5class1.php, (8) showlast5phorum.php, (9) showlast5phorumblock.php, (10)...

5 CVSS, 7 AI score, 0.01846 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/05/21 8:29 p.m., 4 views

CVE-2002-2015

PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows remote attackers to include arbitrary files and possibly execute code via the caselist parameter...

7.5 CVSS, 7.8 AI score, 0.09493 EPSS
Exploits: 1, References: 1
RedhatCVE
added 2025/05/21 6:30 p.m., 5 views

CVE-2006-7000

Headstart Solutions DeskPRO allows remote attackers to obtain the full path via direct requests to (1) email/mail.php, (2) includes/init.php, (3) certain files in includes/cron/, and (4) jpgraph.php, (5) jpgraphbar.php, (6) jpgraphpie.php, and (7) jpgraphpie3d.php in includes/graph/, which leaks the path in...

5 CVSS, 7 AI score, 0.0114 EPSS
Exploits: 1, References: 1
Veracode
added 2025/05/16 2:36 a.m., 7 views

Arbitrary File Access

getkirby/cms is vulnerable to Arbitrary File Access. The vulnerability is due to missing path traversal checks in the snippet() helper or $kirby->snippet() method when used with dynamic snippet names, allowing attackers to access and execute arbitrary PHP files on the server...

9.1 CVSS, 7.3 AI score, 0.00577 EPSS
Exploits: 1, References: 7, Affected Software: 2
CNNVD
added 2025/05/15 12:0 a.m., 3 views

emlog Code Issue Vulnerability

emlog is an open-source CMS site-building system based on PHP and MySQL. A code issue vulnerability exists in versions prior to emlog 2.5.10, which stems from store.php not properly validating the contents of the ZIP plugin file, which could lead to the execution of arbitrary code...

9.8 CVSS, 7 AI score, 0.00616 EPSS
Exploits: 1, References: 2
Cvelist
added 2025/05/09 12:0 a.m., 20 views

CVE-2025-46191

Arbitrary File Upload in userpaymentupdate.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploadedfilecancelled field. Due to the absence of proper file extension checks, MIME type validation, and authentication, attacker...

0.00977 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/05/07 2:20 p.m., 8 views

CVE-2025-47508 WordPress GamiPress <= 7.3.7 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ruben Garcia GamiPress allows PHP Local File Inclusion. This issue affects GamiPress: from n/a through 7.3.7...

7.5 CVSS, 7.7 AI score, 0.0061 EPSS
Exploits: 0, References: 1
Veracode
added 2025/05/07 5:24 a.m., 19 views

Remote Code Execution (RCE)

yeswiki/yeswiki is vulnerable to Remote Code Execution (RCE). The vulnerability is due to arbitrary file write, which allows attackers to upload PHP files that can be executed on the server...

9.8 CVSS, 7.5 AI score, 0.00821 EPSS
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2025/05/07 12:0 a.m., 3 views

Personal Weather Station Dashboard Security Vulnerability

Personal Weather Station Dashboard (PWSDashboard) is an open-source, data-rich weather dashboard from PWSDashboard. A security vulnerability exists in Personal Weather Station Dashboard, which stems from a directory traversal vulnerability in /test.php that could lead to reading arbitrary files...

5.8 CVSS, 9 AI score, 0.02114 EPSS
Exploits: 1, References: 3
CNNVD
added 2025/05/07 12:0 a.m., 3 views

WordPress plugin GamiPress Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.5 CVSS, 7.8 AI score, 0.0061 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/04/29 5:11 p.m., 9 views

CVE-2025-46347 YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...

6.5 CVSS, 8 AI score, 0.00821 EPSS
Exploits: 1, References: 2
Cvelist
added 2025/04/29 5:11 p.m., 40 views

CVE-2025-46347 YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to remote code execution. An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server, resulting in a full compromise of...

6.5 CVSS, 0.00821 EPSS
Exploits: 1, References: 2
Github Security Blog
added 2025/04/29 2:45 p.m., 14 views

YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution

Summary: An arbitrary file write can be used to write a file with a PHP extension, which then can be browsed to in order to execute arbitrary code on the server. All testing was performed on a local docker setup running the latest version of the application. PoC (Proof of Concept): Navigate to...

9.8 CVSS, 6.8 AI score, 0.00821 EPSS
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2025/04/26 8:23 a.m., 23 views

CVE-2025-2101 Edumall <= 4.2.4 - Unauthenticated Local File Inclusion

The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumalllazyloadtemplate' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the serve...

8.1 CVSS, 0.00736 EPSS
Exploits: 0, References: 2
RedhatCVE
added 2025/04/26 6:1 a.m., 9 views

CVE-2025-29015

Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pagesaccount.php...

6.1 CVSS, 6.2 AI score, 0.00251 EPSS
Exploits: 1, References: 1
Positive Technologies
added 2025/04/26 12:0 a.m., 3 views

PT-2025-17957 · WordPress · Edumall

Name of the Vulnerable Software and Affected Versions: Edumall theme for WordPress versions up to, and including, 4.2.4 Description: The issue allows unauthenticated attackers to include and execute arbitrary PHP files on the server via the template parameter of the 'edumall lazy load template'...

8.1 CVSS, 9.1 AI score, 0.00736 EPSS
Exploits: 0, References: 9
SUSE CVE
added 2025/04/25 7:46 a.m., 3 views

SUSE CVE-2017-13670

In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajaxupload.php, as demonstrated by a ZIP archive that contains a .php file...

6.5 CVSS, 7 AI score, 0.00837 EPSS
Exploits: 1, References: 3
CNNVD
added 2025/04/24 12:0 a.m., 2 views

WordPress plugin cedcommerce Product Lister for eBay Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

7.5 CVSS, 7.9 AI score, 0.00611 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/04/24 12:0 a.m., 2 views

WordPress plugin CWW Portfolio Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

7.5 CVSS, 7.8 AI score, 0.00611 EPSS
Exploits: 0, References: 1