6 matches found
CVE-2026-41937
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...
CVE-2026-41937 Vvveb < 1.0.8.3 Unrestricted File Upload RCE via Plugin Upload
Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...
CVE-2025-51459
File Upload vulnerability in agent.hub.controller.refreshplugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via a malicious plugin ZIP file uploaded to the /v1/personal/agent/upload endpoint, interacting with pluginhub.sanitizefilename and pluginsutil.scanplugi...
BIT-PHPLIST-2020-22249
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the...
PhpList 代码问题漏洞
phpList is an open source newsletter and email marketing software from phpList UK. A remote code execution vulnerability exists in phpList version 3.5.1, which stems from the product's failure to check for any file extensions stored in the plugin's zip file, and can be exploited by an attacker wh...
File Upload Vulnerability in ShopXO V1.6.0
ShopXO V1.6.0 is an enterprise-level B2C free open source mall system . A file upload vulnerability exists in shopxo V1.6.0. An attacker can obtain system server privileges by uploading a plug-in zip archive with a php trojan attached...