9 matches found
EUVD-2026-27893
Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...
CVE-2026-41938
Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...
CVE-2026-6249 Vvveb CMS 1.0.8.2 Remote Code Execution via Media Upload
Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious...
CVE-2026-6249
Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious...
CVE-2017-16798
In CMS Made Simple 2.2.3.1, the isfileacceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by...
File Upload Vulnerability in MetInfo System
MetInfo is a content management system (CMS) developed using PHP and MySQL. A file vulnerability exists in the job/uploadfilesave.php file in MetInfo 5.3.17 and earlier versions, which stems from the program only blocking .php extensions and failing to block its related extensions. A remote attacke...
Dotclear Arbitrary PHP Code Execution Vulnerability
Dotclear is a free PHP and MySQL-based blog publishing software developed by Olivier Meunier. A security vulnerability exists in the inc/core/class.dc.core.php file in versions of Dotclear prior to 2.8.2. A remote attacker can exploit this vulnerability by uploading a file...
Flatnux 2009-03-27 (Upload/ID) Multiple Remote Vulnerabilities
No description provided by source. Author: girex Homepage: girex.altervista.org Date: 17/04/2009 CMS: flatnux-2009-03-27 site: flatnux.altervista.org Bugs: Multiple remote vulnerabilities Flatnux suffers from multiple local file inclusions: output of my scanner Line: 10 File:...
Flatnux 2009-03-27 (Upload/ID) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. Flatnux 2009-03-27 Upload/ID Multiple Remote Vulnerabilities. Author: girex Date: 17/04/2009 CMS: flatnux-2009-03-...