Subrion CMS RCE Vulnerability

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these...

UBUNTU-CVE-2020-14209

Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control e.g., to let .noexe files be executed as PHP co...

Design/Logic Flaw

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these...

CVE-2018-19422

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these...

PT-2018-14956 · Subrion · Subrion Cms

Name of the Vulnerable Software and Affected Versions: Subrion CMS version 4.2.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a .pht or .phar file. This is because the .htaccess file omits these file types, specifically affecting the /panel/uploads endpoint...