GHSA-M4F2-XPFQ-H97V Pagekit CMS is vulnerable to OS Command Injection via Storage component

An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. The project is archived as of December 1, 2023...

Pagekit 安全漏洞

Pagekit is a modular, lightweight CMS Content Management System from Pagekit open source. A security vulnerability exists in Pagekit version 1.0.18, which originates from the presence of arbitrary file uploads in the /storage/poc.php component, which could lead to the execution of arbitrary code...

Server side request forgery (ssrf)

An issue was discovered in proxy.php in pydio-core in Pydio through 8.2.2. Through an unauthenticated request, it possible to evaluate malicious PHP code by placing it on the fourth line of a .php file, as demonstrated by a PoC.php created by the guest account, with execution via a...

PHPOpenChat 2.3.4/3.0.1 PoC.php Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/12817/info PHPOpenChat is prone to multiple remote file-include vulnerabilities. An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the...

PT-2006-5462 · Phpopenchat · Phpopenchat

Name of the Vulnerable Software and Affected Versions: phpopenchat versions prior to 3.0.2 Description: The issue allows remote attackers to execute arbitrary PHP code via the sourcedir parameter in the contrib/yabbse/poc.php file. A dispute regarding this issue was raised by a third-party...