
16 matches found

NVD
added 2025/12/15 9:15 p.m. | 4 views

CVE-2023-53888

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...

CVSS: 8.8 | EPSS: 0.00824
Exploits: 1 | References: 3

OSV
added 2025/12/15 9:15 p.m. | 2 views

CVE-2023-53888

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00824
Exploits: 1 | References: 3

Cvelist
added 2025/12/15 8:28 p.m. | 22 views

CVE-2023-53888 Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...

CVSS: 8.6 | EPSS: 0.00824
Exploits: 1 | References: 3

CVE
added 2025/12/15 8:28 p.m. | 13 views

CVE-2023-53888

CVE-2023-53888 affects Zomplog 3.9. An authenticated attacker can upload JavaScript files, rename them to PHP, and trigger arbitrary PHP code execution via the app’s file-manipulation endpoints (saveE and rename actions). The vulnerability originates from the authenticated file manipulation workf...

CVSS: 8.8 | AI score: 6.5 | EPSS: 0.00824
Exploits: 1 | References: 3 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2014-9070

Malware in sbrugna...

CVSS: 5 | AI score: 6.4 | EPSS: 0.01407
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-3185

Malware in sbrugna...

CVSS: 4.8 | AI score: 5.1 | EPSS: 0.00614
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/22 8:6 a.m. | 7 views

CVE-2019-11513

The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action...

CVSS: 4.8 | AI score: 5.8 | EPSS: 0.00614
Exploits: 1 | References: 1

OSV
added 2019/04/25 3:29 a.m. | 1 view

CVE-2019-11513

The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action...

CVSS: 4.8 | AI score: 5.8 | EPSS: 0.00614
Exploits: 1 | References: 1

Prion
added 2019/04/25 3:29 a.m. | 14 views

Design/Logic Flaw

The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action...

CVSS: 3.5 | AI score: 4.8 | EPSS: 0.00614
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2019/04/25 3:29 a.m. | 19 views

CVE-2019-11513

The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action...

CVSS: 4.8 | AI score: 4.9 | EPSS: 0.00614
Exploits: 1 | References: 1

Cvelist
added 2019/04/25 2:52 a.m. | 22 views

CVE-2019-11513

The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action...

AI score: 5 | EPSS: 0.00614
Exploits: 1 | References: 1

ATTACKERKB
added 2018/03/30 4:29 p.m. | 2 views

CVE-2018-9134

filemanagecontrol.php in DedeCMS 5.7 has CSRF in an fmdo=rename action, as demonstrated by renaming an arbitrary file under uploads/userup to a .php file under the web root to achieve PHP code execution. This uses the oldfilename and newfilename parameters...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00733
Exploits: 0 | References: 2

Debian CVE
added 2015/11/16 11:0 a.m. | 37 views

CVE-2015-2925

The prependpath function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."...

CVSS: 6.9 | AI score: 6.6 | EPSS: 0.01246
Exploits: 0

Prion
added 2015/01/08 8:59 p.m. | 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the shortname parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for mor...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01474
Exploits: 10 | References: 1 | Affected Software: 1

Prion
added 2014/12/15 6:59 p.m. | 17 views

Design/Logic Flaw

Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382...

CVSS: 5 | AI score: 6.7 | EPSS: 0.01407
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2014/12/15 5:27 p.m. | 27 views

CVE-2014-9245

Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by internal URL information, aka ZEN-15382...

AI score: 7.4 | EPSS: 0.01407
Exploits: 0 | References: 2