CVE-2025-29405

An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5. allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2025-29401

An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2025-29401

An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2024-13790 MinimogWP – The High Converting eCommerce WordPress Theme <= 3.7.0 - Unauthenticated Local PHP File Inclusion

The MinimogWP – The High Converting eCommerce WordPress Theme theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.7.0 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the...

CVE-2025-29405

CVE-2025-29405 describes an arbitrary file upload vulnerability in the EMLog Pro CMS. Affected: emlog pro versions 2.5.0 and 2.5.*. Vulnerable component: in the /admin/template.php endpoint, allowing an attacker to upload a crafted PHP file and achieve code execution. Root cause: unvalidated file...

CVE-2025-29405

An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5. allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVE-2025-29405

An arbitrary file upload vulnerability in the component /admin/template.php of emlog pro 2.5.0 and pro 2.5. allows attackers to execute arbitrary code via uploading a crafted PHP file...

PT-2025-11693 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: emlog pro version 2.5.7 Description: An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro allows attackers to execute arbitrary code via uploading a crafted PHP file. The vulnerability is located in the...

CVE-2025-29401

CVE-2025-29401 is an arbitrary file upload vulnerability affecting emlog pro v2.5.7 in the /views/plugin.php component. The issue allows an attacker to upload a crafted PHP file and achieve remote code execution (RCE). The CVSS 3.1 vector indicates network access, no privileges required, no user ...

CVE-2025-29401

An arbitrary file upload vulnerability in the component /views/plugin.php of emlog pro v2.5.7 allows attackers to execute arbitrary code via uploading a crafted PHP file...

VulnCheck KEV: CVE-2025-2505

The Age Gate plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 3.5.3 via the 'lang' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the server, allowing the execution of code in...

UBUNTU-CVE-2025-24801

GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of .php files located on the GLPI server. This vulnerability is fixed in 10.0.18...

CVE-2025-29930

CVE-2025-29930 affects imFAQ (ImpressCMS) prior to version 1.0.1. The root cause is unsanitized GET parameters seoOp and seoArg, which can be manipulated (e.g., seoOp=php://filter/read=convert.base64-encode/resource=/var/www/html/config.php) to trigger a Local File Inclusion (LFI) that could allo...

CVE-2025-22623

Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/includes/dst/dst.php...

Linux Distros Unpatched Vulnerability : CVE-2020-7062

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but...

WordPress plugin WP Vehicle Manager 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin VG PostCarousel 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2025-7685 · Sourcecodester · Sourcecodester Elearning System

Name of the Vulnerable Software and Affected Versions: SourceCodester E-Learning System version 1.0 Description: A vulnerability was found in the User Registration Handler component, specifically affecting the /register.php file. This issue leads to cross-site scripting and can be initiated...

CVE-2025-25876

A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /delete.php. The attack can use SQL injection to obtain sensitive data...

FileRise

FileRise !GitHub starshttps://img.shields.io/github/stars...