3 matches found
CVE-2026-42796
CVE-2026-42796 affects Arelle prior to 2.39.10. An unauthenticated remote code execution exists in the /rest/configure REST endpoint, where the plugins parameter is forwarded to the plugin manager without auth. An attacker can supply a URL to a malicious Python file via plugins, causing the Arell...
EUVD-2017-9638
Malware in sbrugna...
security flaw
PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by...