13 matches found
Halo Code Issue Vulnerability
Halo is a powerful and easy-to-use open-source website building tool developed by Halo. Version 2.22.14 of Halo has a code vulnerability. This vulnerability stems from server-side request forgery at the /plugins/-/install-from-uri endpoint, which may allow authenticated attackers to scan internal...
SSCMS Path Traversal Vulnerability
SSCMS SiteServerCMS is a content management system developed by SSCMS Corporation in China. Versions of SSCMS 7.4.0 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the parameter path in the function PathUtils.RemoveParentPath used in files...
CVE-2025-67089
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.installpackage RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands wi...
CVE-2025-67089
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.installpackage RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands wi...
CVE-2025-67089
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.installpackage RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands wi...
CVE-2025-67089
A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.installpackage RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands wi...
CVE-2025-67089
CVE-2025-67089 affects the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is in the plugins.install_package RPC method, which does not sufficiently sanitize the package name, allowing authenticated attackers to execute arbitrary commands with root privileges. The entry lists a CVSS...
PT-2026-1870
Name of the Vulnerable Software and Affected Versions: GL-iNet GL-AXT1800 router firmware version 4.6.8. Description: A command injection issue exists in the plugins.install package RPC method. The method does not properly sanitize user input in package names, allowing authenticated attackers to...
CVE-2023-36097
funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install...
fuadmin vulnerable to insecure file upload
funadmin v3.3.2 and v3.3.3 are vulnerable to insecure file upload via the plugins install...
GHSA-5M3M-Q8CQ-77G4 fuadmin vulnerable to insecure file upload
funadmin v3.3.2 and v3.3.3 are vulnerable to insecure file upload via the plugins install...
CVE-2023-36097
funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install...
Design/Logic Flaw
funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install...