Lucene search
+L

72 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/07 3:14 a.m.9 views

CVE-2026-41587

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...

8.6CVSS6.4AI score0.00501EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/07 3:14 a.m.4 views

CVE-2026-41587 CI4MS: Unrestricted PHP File Upload via Theme Installation Leads to Authenticated Remote Code Execution

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...

8.6CVSS6.5AI score0.00501EPSS
Exploits0References4
CVE
CVE
added 2026/05/07 3:14 a.m.16 views

CVE-2026-41587

CVE-2026-41587 affects CI4MS, a CodeIgniter 4-based CMS skeleton. The vulnerability resides in the theme upload flow: from versions 0.26.0.0 up to before 0.31.7.0, an authenticated backend user with theme-upload permission can upload a crafted ZIP, causing files (including PHP) to be placed into ...

8.6CVSS6.4AI score0.00501EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.12 views

CI4MS 代码问题漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS from 0.26.0.0 to 0.31.7.0 had code-related vulnerabilities. These vulnerabilities stemmed from the theme upload feature not filtering PHP files within ZIP files. This could allow authenticated users to execute...

8.6CVSS6.2AI score0.00501EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.13 views

CI4MS 路径遍历漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.5.0 contained a path traversal vulnerability. This vulnerability stemmed from Theme::upload, which extracted ZIP archives uploaded by users without verifying the entry names. As a result,...

9.4CVSS6AI score0.00484EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/29 8:42 p.m.10 views

Arbitrary File Upload

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Arbitrary File Upload via the installthemefromtmp process. An attacker can execute arbitrary PHP code on the server by uploading a specially crafted ZIP file containing...

8.6CVSS6.2AI score0.00501EPSS
Exploits0References2
OSV
OSV
added 2026/04/29 8:42 p.m.5 views

GHSA-FW49-9XQ4-GMX6 CI4MS has Unrestricted PHP File Upload via Theme Installation that Leads to Authenticated Remote Code Execution

Summary A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution RCE by uploading a crafted ZIP file. PHP files inside the ZIP are installed into the web-accessible public/ directory with no extension or content filtering, making...

8.6CVSS6.7AI score0.00501EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.25 views

PT-2026-37133

Name of the Vulnerable Software and Affected Versions CI4MS versions 0.26.0.0 through 0.31.6.0 Description A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution RCE by uploading a crafted ZIP file. PHP files within the ZIP are...

8.6CVSS6.4AI score0.00501EPSS
Exploits0References5
OSV
OSV
added 2026/04/22 5:29 p.m.26 views

GHSA-XV3R-VR59-95RG CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE

Summary ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the theme create permission to write files to arbitrary filesystem locations Zip Slip and achieve remote code execution by dropping a PHP file under the publ...

9.4CVSS6.5AI score0.00484EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/22 5:29 p.m.7 views

CI4MS Theme::upload is vulnerable to Zip Slip leading to RCE

Summary ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user with the theme create permission to write files to arbitrary filesystem locations Zip Slip and achieve remote code execution by dropping a PHP file under the publ...

9.4CVSS6.5AI score0.00484EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.12 views

PT-2026-34598

Name of the Vulnerable Software and Affected Versions CI4MS Theme affected versions not specified Description The upload function in CI4MS Theme fails to validate entry names when extracting user-uploaded ZIP archives. This allows an authenticated backend user with theme create permissions to...

9.4CVSS6.2AI score0.00484EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.6 views

PT-2026-3929

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code,...

9.4CVSS6.2AI score0.00731EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:41 a.m.16 views

CVE-2022-26965

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution...

7.2CVSS7.5AI score0.37716EPSS
Exploits4References1
Cvelist
Cvelist
added 2025/12/11 9:36 p.m.23 views

CVE-2024-58295 ElkArte Forum 1.1.9 Authenticated Remote Code Execution via Theme Upload

ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...

8.6CVSS0.00487EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/11 9:36 p.m.1 views

CVE-2024-58295 ElkArte Forum 1.1.9 Authenticated Remote Code Execution via Theme Upload

ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP archive with a PHP file containing system commands, which can then be executed by accessing...

8.6CVSS7.7AI score0.00487EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-25307

Malware in sbrugna...

3.5CVSS4.8AI score0.02747EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-18943

Malware in sbrugna...

7.2CVSS7AI score0.02031EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-4049

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in...

3.5CVSS6.6AI score0.02747EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 4:36 p.m.6 views

CVE-2020-28693

An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/...

9CVSS7.1AI score0.02498EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:57 a.m.6 views

CVE-2019-9572

SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin=theme=upload by using the .zip extension along with the Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of...

7.2CVSS7.4AI score0.02031EPSS
Exploits1References1
Rows per page
Query Builder