Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/12/16 8:44 p.m.7 views

CVE-2023-53888

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and...

8.8CVSS8.5AI score0.00824EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/15 8:28 p.m.22 views

CVE-2023-53888 Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...

8.6CVSS0.00824EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/15 8:28 p.m.4 views

CVE-2023-53888 Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...

8.6CVSS6.5AI score0.00824EPSS
Exploits1References3
CVE
CVE
added 2025/10/28 12:0 a.m.39 views

CVE-2025-56399

CVE-2025-56399 affects alexusmai/laravel-file-manager 3.3.1 and earlier. An authenticated user can upload a PNG containing PHP code; the upload may bypass client-side validation and be saved on the server. By using the rename API to switch the extension to .php, the file can be accessed via a pub...

8.8CVSS7.2AI score0.00549EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2022/09/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-3125

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...

8.8CVSS7.4AI score0.01113EPSS
Exploits2References1
Rows per page
Query Builder