229 matches found

OSV
added 2020/09/11 5:15 p.m. · 1 views

CVE-2020-16857

A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations on-premises version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An authenticated attacke...

CVSS 7.1 · AI score 7.7 · EPSS 0.00478
Exploits 0 · References 1

Prion
added 2020/07/07 8:15 p.m. · 9 views

Code injection

Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local non-SSO user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator enter...

CVSS 6.5 · AI score 7.3 · EPSS 0.03111
Exploits 0 · References 2 · Affected Software 1

CNVD
added 2020/06/11 12:0 a.m. · 2 views

Zenphoto Code Injection Vulnerability

Zenphoto is a content management system (CMS). The Zenphoto code injection vulnerability can be exploited by an attacker to execute arbitrary PHP code...

CVSS 8.8 · AI score 8.1 · EPSS 0.0079
Exploits 0 · References 1

CNVD
added 2020/03/17 12:0 a.m. · 1 views

Tecrail Responsive FileManager Input Validation Error Vulnerability

Tecrail Responsive FileManager is an open source file manager written in PHP by Tecrail Italy. The product supports the uploading and management of videos, images or other files. A security vulnerability exists in the ajaxcalls.php file in Tecrail Responsive FileManager 9.14.0 and earlier version...

CVSS 9.8 · AI score 7.2 · EPSS 0.10721
Exploits 5 · References 1

Positive Technologies
added 2020/03/14 12:0 a.m. · 3 views

PT-2020-3996 · Unknown · Responsive Filemanager

Name of the Vulnerable Software and Affected Versions: Responsive Filemanager versions through 9.14.0 Description: An issue was discovered in the ajax calls.php file, specifically in the save img action, where the name parameter lacks validation of the sent extension. This allows for the executio...

CVSS 9.8 · AI score 9.5 · EPSS 0.10721
Exploits 5 · References 7

CNVD
added 2019/10/08 12:0 a.m. · 1 views

SugarCRM pmse_Project Module SQL Injection Vulnerability

SugarCRM is a set of open source customer relationship management software. A SQL injection vulnerability exists in the pmseProject module of SugarCRM. The vulnerability stems from a lack of input validation. An authenticated user with regular user privileges can exploit this vulnerability to...

CVSS 8.8 · AI score 7.8 · EPSS 0.00296
Exploits 0 · References 1

CNVD
added 2019/10/08 12:0 a.m. · 1 views

SugarCRM pmse_Inbox Module SQL Injection Vulnerability

SugarCRM is a set of open source customer relationship management software. A SQL injection vulnerability exists in the pmseInbox module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit this vulnerability to inject custom PHP code...

CVSS 8.8 · AI score 8 · EPSS 0.00296
Exploits 0 · References 1

Talos Blog
added 2019/08/27 8:14 a.m. · 628 views

China Chopper still active 9 years later

By Paul Rascagneres and Vanja Svajcer. Introduction Threats will commonly fade away over time as they're discovered, reported on, and detected. But China Chopper has found a way to stay relevant, active and effective nine years after its initial discovery. China Chopper is a web shell that allows...

CVSS 7.2 · EPSS 0.90442
Exploits 55

CNVD
added 2019/05/16 12:0 a.m. · 2 views

GetSimple CMS Remote Code Execution Vulnerability

GetSimple CMS is a content management system (CMS) written in PHP. A remote code execution vulnerability exists in GetSimple CMS version 3.3.15 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary PHP code on an affected system...

CVSS 9.8 · AI score 8.5 · EPSS 0.54617
Exploits 5 · References 1

OSV
added 2019/03/15 3:29 a.m. · 1 views

CVE-2019-9829

Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/defaultpc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates...

CVSS 8.8 · AI score 7.6
Exploits 0 · References 1

CNVD
added 2019/02/11 12:0 a.m. · 1 views

Metinfo Competitive Conditions Vulnerability

MetInfo is a content management system (CMS) developed by China Mito MetInfo using PHP and MySQL. A race condition ("competitive condition") vulnerability exists in MetInfo. An attacker can exploit this vulnerability by means of a race condition in the backend database backup function via admin / index.php?n =...

CVSS 8.1 · AI score 7.9 · EPSS 0.00336
Exploits 1 · References 1

CNVD
added 2019/01/03 12:0 a.m. · 0 views

SugarCRM (SaveDropDown) PHP Code Injection Vulnerability

SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. A PHP code...

AI score 7.8
Exploits 0 · References 1

CNVD
added 2018/12/20 12:0 a.m. · 3 views

Empire CMS Arbitrary PHP Code Execution Vulnerability

EmpireCMS is a free content management system (CMS). A security vulnerability exists in EmpireCMS version 7.5. The vulnerability can be exploited by remote attackers to execute arbitrary PHP code via the 'ftemp' parameter on the enews=EditMemberForm page...

CVSS 9.8 · AI score 7.8 · EPSS 0.00994
Exploits 1 · References 1

Prion
added 2018/11/13 3:29 p.m. · 19 views

Code injection

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828...

CVSS 6.5 · AI score 8.2 · EPSS 0.00205
Exploits 0 · References 3 · Affected Software 1

NVD
added 2018/11/13 3:29 p.m. · 14 views

CVE-2018-1808

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828...

CVSS 8.8 · AI score 5.8 · EPSS 0.00205
Exploits 0 · References 3

Cvelist
added 2018/11/13 3:0 p.m. · 16 views

CVE-2018-1808

IBM WebSphere Commerce 9.0.0.0 through 9.0.0.6 could allow some server-side code injection due to inadequate input control. IBM X-Force ID: 149828...

CVSS 4.3 · AI score 8.5 · EPSS 0.00205
Exploits 0 · References 3

CVE
added 2018/11/13 3:0 p.m. · 39 views

CVE-2018-1808

CVE-2018-1808 affects IBM WebSphere Commerce versions 9.0.0.0 through 9.0.0.6, where inadequate input control could allow server-side code injection. The trusted sources in the provided documents identify the impact as server-side code injection, with the NVD listing CVSS3 base score 8.8 (HIGH) a...

CVSS 8.8 · AI score 8.4 · EPSS 0.00205
Exploits 0 · References 3 · Affected Software 1

OSV
added 2018/10/17 4:29 a.m. · 0 views

CVE-2018-18426

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...

CVSS 8.8 · AI score 6.1
Exploits 0 · References 2

OSV
added 2018/10/16 7:29 a.m. · 2 views

CVE-2018-18382

Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" aka user/edit-profile action...

CVSS 8.8 · AI score 5.9
Exploits 0 · References 1

CNVD
added 2018/09/25 12:0 a.m. · 0 views

OTCMS Arbitrary PHP Code Execution Vulnerability

OTCMS is an article-based web content management system (CMS). A security vulnerability exists in OTCMS version 3.61. The vulnerability can be exploited by remote attackers to execute arbitrary PHP code with the help of the 'accBackupDir' parameter...

CVSS 8.1 · AI score 8.5 · EPSS 0.00685
Exploits 1 · References 1