163 matches found
CVE-2025-1611
A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit ha...
CVE-2025-1611 ShopXO Template ThemeAdminService.php injection
A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit ha...
CVE-2025-1611 ShopXO Template ThemeAdminService.php injection
A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit ha...
CVE-2025-1611
ShopXO up to version 6.4.0 is affected by an injection vulnerability in the Template Handler component, specifically within the file app/service/ThemeAdminService.php. The issue is caused by input handling that allows remote exploitation; authenticated administrators can exploit by uploading a ma...
ShopXO 安全漏洞
ShopXO is an open source, enterprise-grade, open source e-commerce system from ShopXO, Inc. A security vulnerability exists in ShopXO version 6.4.0 and prior versions, which stems from the Template Handler module mishandling input, which could lead to a remote attack...
PT-2025-7676 · Shopxo · Shopxo
Name of the Vulnerable Software and Affected Versions: ShopXO versions up to 6.4.0 Description: A vulnerability was found in ShopXO, affecting an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection, and it is possible t...
The vulnerability of the TemplateHandler component in the \src\main\java\com\cms\controller\admin\TemplateController.java file of the Jfinal CMS content management system allows a hacker to execute arbitrary code.
The vulnerability of the TemplateHandler component in the \src\main\java\com\cms\controller\admin\TemplateController.java file of the Jfinal CMS content management system is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
PT-2024-17560 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS version 1.0 Description: The issue is related to incorrect code generation management in the Template Handler component of the JFinalCMS system. Exploitation of this issue may allow a remote attacker to execute arbitrary code. The...
CVE-2024-8880 playSMS Template index.php code injection
A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=coreauth&route=forgot&op=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to...
CVE-2024-8880 playSMS Template index.php code injection
A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=coreauth&route=forgot&op=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to...
CVE-2024-8880
Affects playSMS versions 1.4.4–1.4.7. The vulnerability exists in the Template Handler’s code path for the file /playsms/index.php?app=main&inc=core_auth&route=forgot&op=forgot, where manipulation of the arguments username/email/captcha leads to code injection. Impact is remote code execution wit...
VulnCheck KEV: CVE-2023-4450
A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed...
CVE-2024-6470
A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php?app=main&inc=featureinboxgroup&op=list of the component Template Handler. The manipulation of the argument Receiver Number with the input id...
CVE-2024-6470
A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php?app=main&inc=featureinboxgroup&op=list of the component Template Handler. The manipulation of the argument Receiver Number with the input id...
CVE-2024-6469
A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?app=main&inc=featurefirewall&op=firewalllist of the component Template Handler. The manipulation of the argument IP address with the...
CVE-2024-6469
A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?app=main&inc=featurefirewall&op=firewalllist of the component Template Handler. The manipulation of the argument IP address with the...
CVE-2024-6469 playSMS Template injection
A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?app=main&inc=featurefirewall&op=firewalllist of the component Template Handler. The manipulation of the argument IP address with the...
playSMS Injection Vulnerability
playSMS is an open source SMS Short Message Service management software from Anton Raharja, an individual developer in India. An injection vulnerability exists in playSMS version 1.4.3, which stems from an issue in the /index.php?app=main&inc=featurefirewall&op=firewalllist file of the Template...
PT-2024-37650 · Playsms · Playsms
Name of the Vulnerable Software and Affected Versions: playSMS version 1.4.3 Description: A vulnerability was found in the Template Handler component, specifically in the file /index.php?app=main&inc=feature firewall&op=firewall list. The manipulation of the id argument leads to injection. The...
playSMS Injection Vulnerability
playSMS is an open source SMS Short Message Service management software from Anton Raharja, an individual developer in India. An injection vulnerability exists in playSMS version 1.4.3, which stems from an issue in the /index.php?app=main&inc=featureinboxgroup&op=list file of the Template Handler...