764 matches found

OSV
added 2022/05/01 2:31 a.m. · 3 views

GHSA-XJ84-6Q8F-QG2R TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/`

TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables...

7.5 CVSS · 6.1 AI score · 0.00161 EPSS
Exploits 0 · References 6
Exploit DB
added 2022/03/30 12:00 a.m. · 298 views

WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion

Exploit Title: WordPress Plugin video-synchro-pdf 1.7.4 - Local File Inclusion Google Dork: inurl:/wp-content/plugins/video-synchro-pdf/ Date: 26-03-2022 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/video-synchro-pdf/ Version: 1.7.4 Tested on:...

7.4 AI score
Exploits 0
wpexploit
added 2022/03/22 12:00 a.m. · 80 views

Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call

The plugin does not have authorisation and CSRF checks in the wptadminupdatenoticeoption AJAX action available to both unauthenticated and authenticated users, as well as does not validate the callback parameter, allowing unauthenticated attackers to call arbitrary functions with either none or o...

9.8 CVSS · 3 AI score · 0.89533 EPSS
Exploits 2
0day.today
added 2022/01/05 12:00 a.m. · 231 views

RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated) Vulnerability

Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: Browse.. 4. Upload any fi...

0.6 AI score
Exploits 0
Exploit DB
added 2022/01/05 12:00 a.m. · 301 views

RiteCMS 3.1.0 - Arbitrary File Overwrite (Authenticated)

Exploit Title: RiteCMS 3.1.0 - Arbitrary File Overwrite Authenticated Date: 25/07/2021 Exploit Author: faisalfs10x https://github.com/faisalfs10x Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: Browse...

7.4 AI score
Exploits 0
wpexploit
added 2021/09/28 12:00 a.m. · 692 views

AutomatorWP < 1.7.6 - Missing Authorization and Privilege Escalation

The plugin does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions. Attack Procedures 1 Run this in Dashboard while logged in as Subscribe...

8.8 CVSS · 0.9 AI score · 0.00241 EPSS
Exploits 2
OSV
added 2021/08/30 4:13 p.m. · 14 views

GHSA-CVH5-P6R6-G2QC Exposed phpinfo() leaked via documentation files

Impact: The phpinfo can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc.). Patches: Only the v6, v7 and v8 will be patched respectively in...

5.4 CVSS · 4.8 AI score · 0.47802 EPSS
Exploits 1 · References 9
Github Security Blog
added 2021/08/30 4:13 p.m. · 37 views

Exposed phpinfo() leaked via documentation files

Impact: The phpinfo can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located outside the web directory or protected via server rule (.htaccess, etc.). Patches: Only the v6, v7 and v8 will be patched respectively in...

5.4 CVSS · 5 AI score · 0.47802 EPSS
Exploits 1 · References 10 · Affected Software 1
wpexploit
added 2021/08/17 12:00 a.m. · 747 views

Fileviewer <= 2.2 - Arbitrary File Upload/Deletion via CSRF

The plugin does not have CSRF checks in place when performing actions such as uploading and deleting files. As a result, attackers could make a logged-in administrator delete and upload arbitrary files via a CSRF attack. To delete /phpinfo.php:...

8.8 CVSS · 0.9 AI score · 0.00227 EPSS
Exploits 2
NVD
added 2021/08/12 8:15 p.m. · 8 views

CVE-2021-37704

PhpFastCache is a high-performance backend cache system (Packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the phpinfo can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located...

5.4 CVSS · 0.47802 EPSS
Exploits 1 · References 8
Prion
added 2021/08/12 8:15 p.m. · 8 views

Design/Logic Flaw

PhpFastCache is a high-performance backend cache system (Packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the phpinfo can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located...

4 CVSS · 4.6 AI score · 0.47802 EPSS
Exploits 1 · References 8 · Affected Software 1
ATTACKERKB
added 2021/08/12 8:15 p.m. · 1 view

CVE-2021-37704

PhpFastCache is a high-performance backend cache system (Packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the phpinfo can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located...

5.4 CVSS · 5.4 AI score · 0.47802 EPSS
Exploits 1 · References 10 · Affected Software 1
Cvelist
added 2021/08/12 8:05 p.m. · 16 views

CVE-2021-37704 Exposed phpinfo() in PhpFastCache

PhpFastCache is a high-performance backend cache system (Packagist package phpfastcache/phpfastcache). In versions before 6.1.5, 7.1.2, and 8.0.7 the phpinfo can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located...

5.4 CVSS · 5.7 AI score · 0.47802 EPSS
Exploits 1 · References 8
CVE
added 2021/08/12 8:05 p.m. · 81 views

CVE-2021-37704

CVE-2021-37704 affects PhpFastCache when the composer/vendor directory is not protected. The issue allows exposure of the phpinfo() page in unprotected /vendor, applicable to PHPFastCache versions prior to 6.1.5, 7.1.2, and 8.0.7. Patched releases are 6.1.5+ (for v6), 7.1.2+ (for v7), and 8.0.7+ ...

5.4 CVSS · 4.6 AI score · 0.47802 EPSS
Exploits 1 · References 8 · Affected Software 1
Positive Technologies
added 2021/08/12 12:00 a.m. · 2 views

PT-2021-21823 · Unknown · Phpfastcache

Name of the Vulnerable Software and Affected Versions: PhpFastCache versions prior to 6.1.5; PhpFastCache versions prior to 7.1.2; PhpFastCache versions prior to 8.0.7. Description: The issue concerns the exposure of phpinfo when the /vendor directory is not protected from public access. This...

5.4 CVSS · 4.7 AI score · 0.47802 EPSS
Exploits 1 · References 12
Packet Storm
added 2021/03/18 12:00 a.m. · 368 views

rConfig 3.9.6 Shell Upload

Exploit Title: rConfig 3.9.6 - Arbitrary File Upload to Remote Code Execution (Authenticated) Date: 2021-03-17 Exploit Author: Murat ŞEKER Vendor Homepage: https://www.rconfig.com Software Link: https://www.rconfig.com/downloads/rconfig-3.9.6.zip Version: rConfig v3.9.6 Install scripts:...

7.4 AI score
Exploits 0
Openbugbounty
added 2021/02/04 8:10 a.m. · 11 views

All Vulnerabilities for stevenfowler.me Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: stevenfowler.me. Open Bug Bounty...

6.8 AI score
Exploits 0
Openbugbounty
added 2021/02/04 7:22 a.m. · 10 views

All Vulnerabilities for gautamthapar.me Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: gautamthapar.me. Open Bug Bounty...

6.8 AI score
Exploits 0
Openbugbounty
added 2021/02/04 7:18 a.m. · 7 views

All Vulnerabilities for shenasname.ir Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: shenasname.ir. Open Bug Bounty...

6.8 AI score
Exploits 0
Openbugbounty
added 2021/02/04 7:14 a.m. · 12 views

All Vulnerabilities for serialupdates.me Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: serialupdates.me. Open Bug Bounty...

6.8 AI score
Exploits 0