72 matches found
CVE-2026-41587
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...
CVE-2026-41587 CI4MS: Unrestricted PHP File Upload via Theme Installation Leads to Authenticated Remote Code Execution
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...
CVE-2026-41587
CVE-2026-41587 affects CI4MS, a CodeIgniter 4-based CMS skeleton. The vulnerability resides in the theme upload flow: from versions 0.26.0.0 up to before 0.31.7.0, an authenticated backend user with theme-upload permission can upload a crafted ZIP, causing files (including PHP) to be placed into ...
CI4MS 代码问题漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS from 0.26.0.0 to 0.31.7.0 had code-related vulnerabilities. These vulnerabilities stemmed from the theme upload feature not filtering PHP files within ZIP files. This could allow authenticated users to execute...
CI4MS 路径遍历漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.5.0 contained a path traversal vulnerability. This vulnerability stemmed from Theme::upload, which extracted ZIP archives uploaded by users without verifying the entry names. As a result,...
Arbitrary File Upload
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Arbitrary File Upload via the installthemefromtmp process. An attacker can execute arbitrary PHP code on the server by uploading a specially crafted ZIP file containing...
GHSA-FW49-9XQ4-GMX6 CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution
Summary A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution RCE by uploading a crafted ZIP file. PHP files inside the ZIP are installed into the web-accessible public/ directory with no extension or content filtering, making...
PT-2026-37133
Name of the Vulnerable Software and Affected Versions CI4MS versions 0.26.0.0 through 0.31.6.0 Description A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution RCE by uploading a crafted ZIP file. PHP files within the ZIP are...
GHSA-XV3R-VR59-95RG CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE
Summary ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the theme create permission to write files to arbitrary filesystem locations Zip Slip and achieve remote code execution by dropping a PHP file under the publ...
CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE
Summary ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the theme create permission to write files to arbitrary filesystem locations Zip Slip and achieve remote code execution by dropping a PHP file under the publ...
PT-2026-34598
Name of the Vulnerable Software and Affected Versions CI4MS Theme affected versions not specified Description The upload function in CI4MS Theme fails to validate entry names when extracting user-uploaded ZIP archives. This allows an authenticated backend user with theme create permissions to...
PT-2026-3929
Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...
CVE-2022-26965
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution...
CVE-2024-58295 ElkArte Forum 1.1.9 Authenticated Remote Code Execution via Theme Upload
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...
CVE-2024-58295 ElkArte Forum 1.1.9 Authenticated Remote Code Execution via Theme Upload
ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...
EUVD-2020-25307
Malware in sbrugna...
EUVD-2019-18943
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-4049
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in...
CVE-2020-28693
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/...
CVE-2019-9572
SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin=theme=upload by using the .zip extension along with the Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of...