11 matches found
CVE-2023-54352 WordPress Seotheme Remote Code Execution Unauthenticated
WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers can access the uploaded PHP shell at /wp-content/themes/seotheme/mar.php to execute system commands...
CVE-2023-54352
The CVE-2023-54352 entry concerns WordPress Seotheme, where unauthenticated attackers can trigger remote code execution by uploading malicious files to the theme directory. The attack enables access to a PHP shell at /wp-content/themes/seotheme/mar.php to run system commands and upload additional...
WordPress plugin Seotheme access control error vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-47236
Name of the Vulnerable Software and Affected Versions: Travelscape version 1.0.3 Description: Insufficient validation in the theme's upload functionality allows unauthenticated attackers to upload arbitrary files to the theme directory. This can lead to remote code execution on the affected WordPre...
EUVD-2008-6621
Malware in sbrugna...
VulnCheck KEV: CVE-2023-32235
Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js...
DEBIAN-CVE-2017-5490
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to...
UBUNTU-CVE-2017-5490
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to...
Coppermine Photo Gallery <= 1.2.2b (Nuke Addon) Include Vulnerability
No description provided by source. Coppermine Photo Gallery v1.2.2b for PHPNUKE THEMEDIR Remote File...
PT-2012-2068 · Gr Board · Gboard
Name of the Vulnerable Software and Affected Versions: GR Board aka grboard version 1.8.6.5 Community Edition Description: The issue allows remote attackers to modify or delete data without requiring authentication for certain database actions. This can be achieved by sending a request to specifi...
CVE-2008-3563
Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to...