flatnux 2021-03.25 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: flatnux-2021-03.25 - Remote Code Execution Authenticated Exploit Author: Ömer Hasan Durmuş Vendor Homepage: https://en.altervista.org Software Link: http://flatnux.altervista.org/flatnux.html Version: 2021-03.25 Tested on: Windows/Linux POST...

Employee Performance Evaluation System 1.0 - File Inclusion Vulnerabilities

Title: Employee Performance Evaluation System-1.0 - File Inclusion Vulnerabilities - RCE - User Interaction Author: nu11secur1ty Vendor: https://www.sourcecodester.com/user/257130/activity Software:...

Drupal 10.0.x < 10.0.5 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...

Drupal Access Bypass Vulnerability (SA-CORE-2023-004) - Windows

Drupal is prone to an access bypass vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...

Drupal 9.4.x < 9.4.12 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.95, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.5 or 10.0.x prior to 10.0.5. It is, therefore, affected by multiple vulnerabilities: - The Media module does not properly check entity...

Drupal core - Moderately critical - Access bypass - SA-CORE-2023-004

Drupal core provides a page that outputs the markup from phpinfo to assist with diagnosing PHP configuration. If an attacker was able to achieve an XSS exploit against a privileged user, they may be able to use the phpinfo page to access sensitive information that could be used to escalate the...

WordPress phpinfo() WP Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software phpinfo WP Type Plugin Vulnerable versions = 4.0 Fixed in 5.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-26542 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID d7a2bd12bc7c Credits Mika Required privilege...

K17313: PHP vulnerability CVE-2014-4721

Security Advisory Description The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHPAUTHPW, PHPAUTHTYPE, PHPAUTHUSER, and PHPSELF variables, which might allow context-dependent attackers to obtain...

SUSE CVE-2005-3388

Cross-site scripting XSS vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."...

SUSE CVE-2006-0996

Cross-site scripting XSS vulnerability in phpinfo info.c in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including 1 a large number of dimensions or 2 long values, which prevents HTML tags from being removed...

SUSE CVE-2007-1287

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting XSS attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as originally fixed for CVE-2005-3388...

SUSE CVE-2016-9848

An issue was discovered in phpMyAdmin. phpinfo phpinfo.php shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

U.S. Department of State: Impact of Using the PHP Function "phpinfo()" on System Security - PHP info page disclosure

Sensitive information such as the exact PHP version, operating system and its version, internal IP addresses, server environment variables, and loaded PHP extensions and their configurations could be revealed by using the PHP function "phpinfo". This could potentially be exploited by attackers to...

Ultimate Member < 2.5.1 - Subscriber+ RCE

The plugin does not validate user input passed to calluserfunc via the populatedropdownoptions function, which could allow any authenticated users, such as subscriber to call arbitrary functions without argument ie phpinfo...

Ubuntu: Security Advisory (USN-320-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The plugin lets any user execute arbitrary PHP functions on the site. https://example.com/wp-admin/admin-post.php?vrccmd=phpinfo...

U.S. Dept Of Defense: [███████] Remote Code Execution at ██████ [CVE-2021-44529] [HtUS]

IP Address used to find vulnerability: ██████ Vulnerable Website URL or Application: https://████ pomcldsvr2.████ Proof of ownership: ███ Summary: The server at https://███ is running a vulnerable version of CSA. A code injection vulnerability in the Ivanti EPM Cloud Services Appliance CSA allows...

GHSA-GMC7-JVV7-W245 phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function...

phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information

phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to phpinfo.php, which calls the phpinfo function...

TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/`

TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables...