
108 matches found

NVD
added 2026/06/09 1:16 p.m. | 12 views

CVE-2017-20251

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint...

CVSS 9.8 | EPSS 0.00559
Exploits: 1 | References: 3

EUVD
added 2026/06/09 11:48 a.m. | 9 views

EUVD-2017-18977

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint...

CVSS 9.8 | AI score 6.1 | EPSS 0.00559
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2018-2757

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.01273
Exploits: 1 | References: 4

Tenable Nessus
added 2025/09/10 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2021-33816

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shellexe...

CVSS 9.8 | AI score 8.8 | EPSS 0.03815
Exploits: 3 | References: 2

RedhatCVE
added 2025/05/22 12:28 p.m. | 10 views

CVE-2010-4537

Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors...

CVSS 6.8 | AI score 7.9 | EPSS 0.01175
Exploits: 0 | References: 1

OSV
added 2025/04/03 2:5 p.m. | 5 views

BIT-DOLIBARR-2021-33816

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked...

CVSS 9.8 | AI score 7.9 | EPSS 0.03815
Exploits: 3 | References: 4

NVD
added 2021/11/10 11:15 p.m. | 20 views

CVE-2021-33816

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked...

CVSS 9.8 | EPSS 0.03815
Exploits: 3 | References: 3

WPVulnDB
added 2021/06/07 12:0 a.m. | 23 views

WordPress Popular Posts < 5.3.3 - Authenticated Code Injection

Jerome Bruandet from NinTechNet discovered a code injection issue in the plugin before 5.3.3: "When thumbnails settings are set to 'Custom field name' and 'Resize image from Custom field' they aren’t by default, a user with contributor role or above can bypass the file type verification, download...

AI score 2
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2020/02/12 3:15 p.m. | 23 views

CVE-2013-2010

WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability...

CVSS 9.8 | AI score 9.7 | EPSS 0.73862
Exploits: 4 | References: 4

Cvelist
added 2020/02/12 2:45 p.m. | 28 views

CVE-2013-2010

WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability...

AI score 9.7 | EPSS 0.73862
Exploits: 4 | References: 4

CVE
added 2020/02/07 1:9 p.m. | 116 views

CVE-2013-2009

The CVE-2013-2009 entry concerns WordPress WP Super Cache Plugin 1.2, which is vulnerable to remote PHP code execution via unsanitized input (e.g., malicious blog comments). Root cause cited as an incomplete fix for CVE-2013-2009. Impact is remote code execution on the web server as the web-serve...

CVSS 8.8 | AI score 8.9 | EPSS 0.12985
Exploits: 1 | References: 5 | Affected Software: 1

Prion
added 2019/08/15 4:15 p.m. | 19 views

Directory traversal

wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value...

CVSS 6.5 | AI score 9.1 | EPSS 0.03711
Exploits: 2 | References: 3 | Affected Software: 1

NVD
added 2019/05/24 6:29 p.m. | 21 views

CVE-2016-10751

osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajax_upload...

CVSS 7.2 | AI score 7.4 | EPSS 0.02866
Exploits: 0 | References: 2

CVE
added 2018/10/09 6:0 p.m. | 43 views

CVE-2018-18083

CVE-2018-18083 affects DuomiCMS 3.0. Affected component: search.php, where the parameter searchword is processed and unsafely uses eval during if processing, enabling remote PHP code execution. This yields high/severe impact (NVD CVSS3: 9.8, CRITICAL; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Exploit...

CVSS 9.8 | AI score 9.6 | EPSS 0.02477
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2018/05/06 5:29 a.m. | 20 views

Cross site scripting

An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php...

CVSS 4.3 | AI score 6.3 | EPSS 0.01273
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2018/05/06 5:29 a.m. | 25 views

CVE-2018-10686

An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $_REQUEST['path'] to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a file_put_contents call in web/upload/UploadHandler.php...

CVSS 6.1 | AI score 6.5 | EPSS 0.01273
Exploits: 1 | References: 2

CNVD
added 2018/04/17 12:0 a.m. | 2 views

PbootCMS Cross-Site Request Forgery Vulnerability

PbootCMS is an open source enterprise building content management system CMS developed using the PHP language. A cross-site request forgery vulnerability exists in PbootCMS version 0.9.8. A remote attacker can exploit this vulnerability by sending admin.php/Message/mod/id/19.html?backurl=/index.p...

CVSS 8.8 | AI score 7.2 | EPSS 0.00523
Exploits: 1 | References: 1

OSV
added 2018/04/07 9:29 p.m. | 3 views

CVE-2018-9847

In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

CVSS 9.8 | AI score 6.1 | EPSS 0.01577
Exploits: 1 | References: 1

NVD
added 2017/10/27 8:29 p.m. | 9 views

CVE-2017-15935

Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file...

CVSS 9 | AI score 7.3 | EPSS 0.02516
Exploits: 0 | References: 1

CVE
added 2017/07/24 12:0 a.m. | 50 views

CVE-2017-11585

CVE-2017-11585 affects dayrui FineCMS 5.0.9 with remote PHP code execution through the param parameter in an action=cache request to libraries/Template.php, described as Eval Injection. The vulnerability allows an attacker to inject and execute arbitrary PHP code on the server. Exploitation and e...

CVSS 9.8 | AI score 9.6 | EPSS 0.02216
Exploits: 1 | References: 1 | Affected Software: 1