GHSA-QXMC-6F24-G86G baserCMS has OS Command Injection Leading to Remote Code Execution (RCE)

Summary In the core update functionality of baserCMS, some parameters sent from the admin panel are passed to the exec function without proper validation or escaping. This issue allows an authenticated CMS administrator to execute arbitrary OS commands on the server Remote Code Execution, RCE. Th...

CVE-2023-26957

onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...

CVE-2023-38948

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin...

CVE-2023-26957

onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins...

CVE-2022-31393

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery SSRF vulnerability via the Index function in app/admin/c/PluginsController.php...

CVE-2022-31393

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery SSRF vulnerability via the Index function in app/admin/c/PluginsController.php...