7 matches found
CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...
EUVD-2026-27079
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...
CVE-2026-42796
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...
CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager without authentication or authorization. Attackers can supply a URL to a malicious Python file...
PT-2026-36887
Name of the Vulnerable Software and Affected Versions Arelle versions prior to 2.39.10 Description An unauthenticated remote code execution issue exists in the '/rest/configure' REST endpoint. The endpoint accepts a plugins query parameter and forwards it to the plugin manager without requiring...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in Extrakt Framework 0.7 allows remote attackers to inject arbitrary web script or HTML via the pluginsfileid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
PT-2006-3760 · Squirrelmail +1 · Squirrelmail +1
Name of the Vulnerable Software and Affected Versions: SquirrelMail versions 1.4.6 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter, under specific conditions where register globals is enabled and magic quotes gpc is...