14 matches found
CVE-2026-26682
An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component...
CVE-2026-26682
An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component...
CVE-2026-26682
An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component...
FastCMS Security Vulnerability
FastCMS is a content management system developed by FastCMS Inc. Versions of FastCMS prior to 0.1.6 contained security vulnerabilities. These vulnerabilities were caused by issues with the PluginController.java component, which could allow local attackers to execute arbitrary code...
CVE-2026-26682
An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component...
CVE-2026-1549 jishenghua jshERP PluginController uploadPluginConfigFile path traversal
A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation of the argument configFile leads to path traversal. The attack may ...
openBI Code Issues Vulnerabilities
openBI is a big data visualization solution from openBI. A code issue vulnerability exists in openBI prior to version 1.0.8, which stems from a problem in the index function of the /application/plugins/controller/Upload.php file, which could lead to unrestricted file uploads...
CVE-2022-35946
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used ...
UBUNTU-CVE-2022-35946
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used ...
Design/Logic Flaw
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used ...
CVE-2022-35946 SQL injection through plugin controller in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used ...
CVE-2022-35946
GLPI vulnerability CVE-2022-35946 is a misvalidation in the plugin controller that can expose the low-level Plugin class API. An attacker with General setup rights can alter database data via this input handling flaw. The recommended fix is upgrading GLPI to version 10.0.3; as a workaround, remov...
CVE-2022-35946 SQL injection through plugin controller in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In affected versions request input is not properly validated in the plugin controller and can be used ...
PT-2022-7404 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.3 Description: The issue is related to improper validation of request input in the plugin controller, allowing access to the low-level API of the Plugin class. This can be exploited by an attacker to alter database...