Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/05/26 2:12 a.m.14 views

CVE-2026-41937

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

8.6CVSS6.2AI score0.00403EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 2:30 p.m.10 views

CVE-2026-41937 Vvveb < 1.0.8.3 Unrestricted File Upload RCE via Plugin Upload

Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows superadmin users to execute arbitrary PHP code by uploading a malicious plugin ZIP file. Attackers can craft a ZIP containing a plugin.php with a valid Slug header and a...

8.6CVSS6.2AI score0.00403EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/24 12:23 a.m.7 views

CVE-2025-51459

File Upload vulnerability in agent.hub.controller.refreshplugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via a malicious plugin ZIP file uploaded to the /v1/personal/agent/upload endpoint, interacting with pluginhub.sanitizefilename and pluginsutil.scanplugi...

6.5CVSS7.6AI score0.00349EPSS
Exploits1References1
OSV
OSV
added 2024/03/06 11:4 a.m.17 views

BIT-PHPLIST-2020-22249

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the...

9.8CVSS9.9AI score0.0289EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/07/06 12:0 a.m.4 views

PhpList 代码问题漏洞

phpList is an open source newsletter and email marketing software from phpList UK. A remote code execution vulnerability exists in phpList version 3.5.1, which stems from the product's failure to check for any file extensions stored in the plugin's zip file, and can be exploited by an attacker wh...

9.8CVSS6.7AI score0.0289EPSS
Exploits1References2
CNVD
CNVD
added 2019/07/23 12:0 a.m.3 views

File Upload Vulnerability in ShopXO V1.6.0

ShopXO V1.6.0 is an enterprise-level B2C free open source mall system . A file upload vulnerability exists in shopxo V1.6.0. An attacker can obtain system server privileges by uploading a plug-in zip archive with a php trojan attached...

7.1AI score
Exploits0
Rows per page
Query Builder