Lucene search

764 matches found

NVD
added 2023/11/21 10:15 p.m. · 30 views

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

10 CVSS · 0.94329 EPSS
Exploits 5 · References 3

Prion
added 2023/11/21 10:15 p.m. · 19 views

Design/Logic Flaw

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

5 CVSS · 6.4 AI score · 0.94329 EPSS
Exploits 5 · References 2 · Affected Software 1

CVE
added 2023/11/21 12:0 a.m. · 540 views

CVE-2023-49103

The CVE-2023-49103 vulnerability affects ownCloud graphapi in versions 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The issue stems from a third‑party GetPhpInfo.php that returns a phpinfo() output, exposing the PHP environment and webserver variables (potentially including admin passwords, mail cr...

10 CVSS · 7.2 AI score · 0.94329 EPSS
In wild · Exploits 5 · References 3 · Affected Software 1

CNNVD
added 2023/11/21 12:0 a.m. · 2 views

ownCloud Security Breach

ownCloud is a suite of personal cloud storage solutions from the US-based company ownCloud. A security vulnerability exists in ownCloud graphapi versions prior to 0.2.1, 0.3.1 and 0.3.1. The vulnerability stems from the fact that the graphapi application relies on the third-party GetPhpInfo.php...

10 CVSS · 6.5 AI score · 0.94329 EPSS
Exploits 5 · References 3

wpexploit
added 2023/11/21 12:0 a.m. · 153 views

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF

Description: The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged-in users perform unwanted actions leading to remote code execution. Submit the following form as a Super Admin; notice that it does not contain a nonce. Despite the error,...

8.8 CVSS · 9.7 AI score · 0.00756 EPSS
Exploits 2

Cvelist
added 2023/11/21 12:0 a.m. · 26 views

CVE-2023-49103

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment phpinfo. This information...

10 CVSS · 9.3 AI score · 0.94329 EPSS
Exploits 5 · References 2

WPVulnDB
added 2023/11/21 12:0 a.m. · 16 views

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF

Description: The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged-in users perform unwanted actions leading to remote code execution. PoC: Submit the following form as a Super Admin; notice that it does not contain a nonce. Despite the error...

8.8 CVSS · 9.6 AI score · 0.00756 EPSS
Exploits 2 · Affected Software 1

NVD
added 2023/10/19 3:15 p.m. · 7 views

CVE-2023-46042

An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo...

9.8 CVSS · 9.5 AI score · 0.68243 EPSS
Exploits 1 · References 1

OSV
added 2023/10/19 3:15 p.m. · 1 views

CVE-2023-46042

An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo...

9.8 CVSS · 6.1 AI score
Exploits 0 · References 1

ATTACKERKB
added 2023/10/19 3:15 p.m. · 0 views

CVE-2023-46042

An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo...

9.8 CVSS · 6.2 AI score · 0.68243 EPSS
Exploits 1 · References 2

Vulnrichment
added 2023/10/19 12:0 a.m. · 12 views

CVE-2023-46042

An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo...

7.8 AI score · 0.68243 EPSS
Exploits 1 · References 1

Positive Technologies
added 2023/10/19 12:0 a.m. · 3 views

PT-2023-29812 · Unknown · Getsimple Cms

Name of the Vulnerable Software and Affected Versions: GetSimpleCMS version 3.4.0a
Description: An issue in GetSimpleCMS allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo function.
Recommendations: For GetSimpleCMS version 3.4.0a, update to a version that fix...

9.8 CVSS · 8.4 AI score · 0.68243 EPSS
Exploits 1 · References 7

ATTACKERKB
added 2023/09/20 9:15 p.m. · 0 views

CVE-2023-39677

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php...

7.5 CVSS · 5.8 AI score · 0.77217 EPSS
Exploits 1 · References 5

NVD
added 2023/09/20 9:15 p.m. · 12 views

CVE-2023-39677

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php...

7.5 CVSS · 7.4 AI score · 0.77217 EPSS
Exploits 1 · References 3

Prion
added 2023/09/20 9:15 p.m. · 47 views

Information disclosure

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php...

5 CVSS · 7.3 AI score · 0.77217 EPSS
Exploits 1 · References 3 · Affected Software 2

CVE
added 2023/09/20 12:0 a.m. · 70 views

CVE-2023-39677

CVE-2023-39677 corresponds to a PHPInfo disclosure in PrestaShop modules MyPrestaModules (Module v6.2.9) and UpdateProducts (Module v3.6.9) via the send.php endpoint. The NVD entry notes a CVSS v3.1 base score of 7.5 (High) with network attack vector, no privileges required, no user interaction, ...

7.5 CVSS · 7.3 AI score · 0.77217 EPSS
Exploits 1 · References 3 · Affected Software 2

Cvelist
added 2023/09/20 12:0 a.m. · 13 views

CVE-2023-39677

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php...

7.6 AI score · 0.77217 EPSS
Exploits 1 · References 3

Vulnrichment
added 2023/09/20 12:0 a.m. · 9 views

CVE-2023-39677

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php...

7 AI score · 0.77217 EPSS
Exploits 1 · References 3

0day.today
added 2023/09/11 12:0 a.m. · 289 views

soosyze 2.0.0 - File Upload Exploit

Title: soosyze 2.0.0 - File Upload
Author: nu11secur1ty
Vendor: https://soosyze.com/
Software: https://github.com/soosyze/soosyze/releases/tag/2.0.0
Reference: https://portswigger.net/web-security/file-upload
Description: Broken file upload logic. The malicious user can upload whatever he wants t...

7.1 AI score
Exploits 0

Positive Technologies
added 2023/09/08 12:0 a.m. · 1 views

PT-2023-27068 · Prestashop · Updateproducts Prestashop Module +1

Name of the Vulnerable Software and Affected Versions: MyPrestaModules Prestashop Module version 6.2.9, UpdateProducts Prestashop Module version 3.6.9
Description: A PHPInfo information disclosure issue was discovered in the send.php file, allowing potential access to sensitive information...

7.5 CVSS · 6.8 AI score · 0.77217 EPSS
Exploits 1 · References 9