13 matches found
EUVD-2021-2479
Malware in sbrugna...
EUVD-2018-7996
Malware in sbrugna...
EUVD-2014-2696
Malware in sbrugna...
CVE-2021-43835
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not...
Design/Logic Flaw
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not...
CVE-2021-43835 Privilege escalation in the Sulu Admin panel
Sulu is an open-source PHP content management system based on the Symfony framework. In affected versions Sulu users who have access to any subset of the admin UI are able to elevate their privilege. Over the API it was possible for them to give themselves permissions to areas which they did not...
CVE-2018-18888
An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed...
CVE-2018-16410
Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php...
Arbitrary file deletion
ThinkCMF X2.2.3 has an arbitrary file deletion vulnerability in doavatar in \application\User\Controller\ProfileController.class.php via an imgurl parameter with a ..\ sequence. A member user can delete any file on a Windows server...
Unrestricted file upload
Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct...
CVE-2014-2664
Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct...
CVE-2014-2664
The CVE affects X2Engine X2CRM before 4.0. Affected component: ProfileController::actionUploadPhoto in protected/controllers/ProfileController.php. Root cause: unrestricted file upload allows uploading a file with an executable extension, enabling remote code execution when the file is accessed d...
thinkcmf \application\User\Controller\ProfileController.class.php arbitrary file delete vulnerability
No description provided by source...