116 matches found
OIC Exponent CMS Code Issue Vulnerability
OIC Exponent CMS is a free, open source PHP-based modular content management system (CMS) from OIC, Inc. The system supports direct editing in pages and provides user management, site configuration, content editing, etc. Exponent CMS has a file upload vulnerability that stems from the application's...
MartDevelopers KEA-Hotel-ERP Code Issue Vulnerability
MartDevelopers KEA-Hotel-ERP is an open source lightweight hotel enterprise resource planning system. A security vulnerability exists in MartDevelopers KEA-Hotel-ERP that can be exploited by an attacker to upload PHP files using a file upload vulnerability in the service to exploit a remote code...
Apache HTTP Server vulnerable to directory traversal
Overview: Apache HTTP Server provided by The Apache Software Foundation contains a directory traversal vulnerability (CWE-22). Shungo Kumasaka of Internet Initiative Japan Inc. reported this vulnerability to the developer, and also to IPA in order to notify users of its solution through JVN. JPCERT/...
UBUNTU-CVE-2020-23226
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reportsadmin.php, (2) dataqueries.php, (3) datainput.php, (4) graphtemplates.php, (5) graphs.php, (6) reportsadmin.php, and (7) datainput.php...
WordPress Code Issue Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress Autoptimize plugin versions prior to 2.7.8, which allows an...
PT-2021-15883 · WordPress · Sp Project & Document Manager
Name of the Vulnerable Software and Affected Versions: The SP Project & Document Manager WordPress plugin versions prior to 4.22. Description: The issue allows users to upload files, but the plugin attempts to prevent php and other similar files that could be executed on the server from being...
CVE-2021-3277
Nagios XI 5.7.5 and earlier allows authenticated admins to upload arbitrary files due to improper validation of the rename functionality in custom-includes component, which leads to remote code execution by uploading php files...
PT-2021-19215 · Chiyu Technology · Bf-430 +2
Name of the Vulnerable Software and Affected Versions: CHIYU Technology Inc BF-430, BF-431, and BF-450M TCP/IP Converter devices (affected versions not specified). Description: A CRLF injection issue was discovered due to a lack of validation on the redirect= parameter available on multiple CGI...
CVE-2021-29641
Directus 8 before 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds only for certain...
CVE-2021-24161
In the Responsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attacker could then access those files to achieve remote code execution and further infect the targeted si...
CVE-2019-19020
An issue was discovered in TitanHQ WebTitan before 5.18. In the administration web interface it is possible to upload a crafted backup file that enables an attacker to execute arbitrary code by overwriting existing files or adding new PHP files under the web root. This requires the attacker to ha...
PHP Scripts Mall Advance B2B Script Denial of Service Vulnerability
PHP Scripts Mall Advance B2B Script is a set of PHP-based scripts for B2B (business-to-business) trading websites. A denial of service vulnerability exists in PHP Scripts Mall Advance B2B Script 2.1.4, which can be exploited by remote attackers to cause a denial of service via JavaScript code in th...
portfolioCMS any.php file upload vulnerability
portfolioCMS is a content management system (CMS) based on PHP and MySQL. A security vulnerability exists in portfolioCMS version 1.0.5. An attacker can exploit the vulnerability to upload arbitrary .php files via the admin/portfolio.php?newpage=true URI...
Joomla! com_foxcontact plugin file upload vulnerability
Joomla! is an open source content management system (CMS) developed by the Open Source Matters team in the United States. A file upload vulnerability exists in the Joomla! com_foxcontact plugin, which can be exploited by remote attackers to upload malicious PHP scripts and execute arbitrary PHP code by...
Directory Traversal Vulnerability in Cicada Knowledge Enterprise Portal System
Cicada Knowledge Enterprise Portal System is a web content management system. A directory traversal vulnerability exists in Cicada Knowledge Enterprise Portal System. The vulnerability is due to improper handling of reading cached files and can be exploited by an attacker to read PHP files on the...
Synology Photo Station File Upload Vulnerability
Synology Photo Station is an online photo album and blog owned and managed by DSM users. A file upload vulnerability exists in PixlrEditorHandler.php in Synology Photo Station, which can be exploited by remote attackers to create arbitrary PHP scripts via the type parameter...
ManageEngine Desktop Central Remote Code Execution (CVE-2017-11346)
A remote code execution vulnerability exists in ManageEngine Desktop Central. The vulnerability is due to an insufficient check of a parameter. By sending a crafted request, a remote attacker can place a file under a directory that allows server-side scripts to run...
Contao Directory Traversal Vulnerability (CNVD-2017-25541)
Contao is an open source content management system (CMS) developed using PHP. The system supports search engine, rights management and CSS framework. A security vulnerability exists in Contao versions prior to 3.5.28 and 4.x versions prior to 4.4.1. A remote attacker can exploit the vulnerability...
ManageEngine Desktop Central 10 Build 100087 RCE (CVE-2017-11346)
Description: When uploading a file, the FileUploadServlet class does not check the user-controlled fileName parameter using the hasVulnerabilityInFileName function. This allows a remote attacker to create a malicious file and place it under a directory that allows server-side scripts to run, which...
CMS Made Simple Upload Vulnerability
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports role-based rights management system, wizard-based installation and update mechanism, intelligent caching mechanism and so on. A security vulnerability exists in CMSMS version...