EUVD-2018-2757

Malware in sbrugna...

CVE-2010-4537

Unspecified vulnerability in CrawlTrack before 3.2.7, when a public stats page is provided, allows remote attackers to execute arbitrary PHP code via unknown vectors...

BIT-DOLIBARR-2021-33816

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shellexec are blocked but backticks are not blocked...

CVE-2021-33816

The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shellexec are blocked but backticks are not blocked...

CVE-2013-2010

WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability...

CVE-2013-2010

WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability...

CVE-2013-2009

The CVE-2013-2009 entry concerns WordPress WP Super Cache Plugin 1.2, which is vulnerable to remote PHP code execution via unsanitized input (e.g., malicious blog comments). Root cause cited as an incomplete fix for CVE-2013-2009. Impact is remote code execution on the web server as the web-serve...

Directory traversal

wp-admin/admin-ajax.php?action=newslettersexportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers11 parameter in conjunction with an exportfile=../ value...

CVE-2016-10751

osClass 3.6.1 allows oc-admin/plugins.php Directory Traversal via the plugin parameter. This is exploitable for remote PHP code execution because an administrator can upload an image that contains PHP code in the EXIF data via index.php?page=ajax&action=ajaxupload...

CVE-2018-18083

CVE-2018-18083 affects DuomiCMS 3.0. Affected component: search.php, where the parameter searchword is processed and unsafely uses eval during if processing, enabling remote PHP code execution. This yields high/severe impact (NVD CVSS3: 9.8, CRITICAL; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Exploit...

CVE-2018-10686

An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $REQUEST'path' to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a fileputcontents call in web/upload/UploadHandler.php...

Cross site scripting

An issue was discovered in Vesta Control Panel 0.9.8-20. There is Reflected XSS via $REQUEST'path' to the view/file/index.php URI, which can lead to remote PHP code execution via vectors involving a fileputcontents call in web/upload/UploadHandler.php...

CVE-2017-15935

Artica Pandora FMS version 7.0 is vulnerable to remote PHP code execution through the manager files function. This is only exploitable by administrators who upload a PHP file...

CVE-2017-11585

CVE-2017-11585 affects dayrui FineCMS 5.0.9 with remote PHP code execution through the param parameter in an action=cache request to libraries/Template.php, described as Eval Injection. The vulnerability allows an attacker to inject and execute arbitrary PHP code on the server. Exploitation and e...

WordPress CM Download Manager Code Injection (CVE-2014-8877)

Content Management Download Manager for WordPress is prone to remote PHP-code execution vulnerability because it fails to validate user input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the web server. This may aid in further attacks or lead to a full...

Drupal RESTWS Module Remote PHP Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal RESTWS Module Remote PHP Code Execution', 'Description' = %q This module exploits a Remote PHP Code Execution vulnerability in Drupal RESTW...

InstantCMS 1.6 - Remote PHP Code Execution

No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def initializeinfo = superupdateinfoinfo, 'Name' = 'InstantCMS 1.6 Remote PHP Code Execution', 'Description' = %q This module exploits an...

ImpressPages cm_group Parameter Remote PHP Code Execution

The ImpressPages install hosted on the remote web server contains a flaw that allows arbitrary PHP code execution. Input passed to the 'cmgroup' parameter is not properly sanitized before being used in a PHP eval function call. An unauthenticated, remote attacker can leverage this vulnerability t...

FreeBSD : phpmyfaq -- Remote PHP Code Execution Vulnerability (c80a3d93-8632-11e1-a374-14dae9ebcf89)

The phpMyFAQ project reports : The bundled ImageManager library allows injection of arbitrary PHP code to execute arbitrary PHP code and upload malware and trojan horses. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fro...

vBulletin 4.1.2 search.php SQL Injection

Requirements require 'msf/core' Class declaration class Metasploit3 'vBulletin 4 %q vBulletin versions 4 Exploit Only 'James Bercegay http://www.gulftech.org/ ' , 'License' = MSFLICENSE, 'References' = 'BID', '47281' , , 'Privileged' = false, 'Platform' = 'php', 'Arch' = ARCHPHP, 'Targets' =...