7 matches found
CVE-2026-1606
CVE-2026-1606 affects GitLab CE/EE (versions 14.8–before 18.11.6, 19.0–before 19.0.3, 19.1–before 19.1.1). The issue stems from improper input validation and could allow an authenticated user to conceal content within a Snippet. The CVSSv3.1 vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N ...
CVE-2026-1606 Improper Control of Generation of Code ('Code Injection') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.8 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticated user to conceal content within a Snippet due to improper input validation...
EUVD-2018-7743
Malware in sbrugna...
CVE-2020-23219
Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module...
CVE-2020-23219
Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a crafted payload entered into the "Snippet content" field under the "Edit Snippet" module...
Monstra CMS 代码注入漏洞
Monstra is a lightweight content management system CMS. A remote code execution vulnerability exists in Monstra version 3.0.4. The vulnerability can be exploited to execute arbitrary code via the "Snippet content" field under the "Edit Snippet" module...
CVE-2018-15886
Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=editsnippet&filename=google-analytics URI, which allows attackers to execute arbitrary PHP code by placing this code after a ?php substring...