Lucene search
+L

72 matches found

NVD
NVD
added 2025/02/07 10:15 p.m.12 views

CVE-2025-1113

A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /adminthemes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been...

9.8CVSS0.005EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/02/07 9:31 p.m.21 views

CVE-2025-1113 taisan tarzan-cms Add Theme admin#themes upload deserialization

A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /adminthemes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been...

6.5CVSS0.005EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/02/07 12:0 a.m.5 views

Tarzan-CMS 安全漏洞

Tarzan-CMS is a modern open source content management system CMS based on the Java technology stack by the Tarzan team. A security vulnerability exists in Tarzan-CMS 1.0.0 and earlier versions, which stems from a deserialization due to the file/adminthemes upload function of the Add Theme Handler...

9.8CVSS6.5AI score0.005EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 11:11 a.m.24 views

BIT-WORDPRESS-2020-4049 Authenticated self-XSS via theme uploads in WordPress

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...

3.5CVSS5AI score0.02747EPSS
Exploits0References9
OSV
OSV
added 2024/03/06 11:10 a.m.29 views

BIT-WORDPRESS-MULTISITE-2020-4049 Authenticated self-XSS via theme uploads in WordPress

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...

3.5CVSS5AI score0.02747EPSS
Exploits0References9
VulnCheck KEV
VulnCheck KEV
added 2022/12/05 12:0 a.m.3 views

VulnCheck KEV: CVE-2014-4725

The MailPoet Newsletters wysija-newsletters plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/...

7.5CVSS6.1AI score0.59682EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2022/05/20 10:44 p.m.32 views

CVE-2020-4049

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...

3.5CVSS5.3AI score0.02747EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/18 7:15 a.m.4 views

CVE-2022-26965

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution...

7.2CVSS6.1AI score0.37716EPSS
Exploits4References3
NVD
NVD
added 2022/03/18 7:15 a.m.29 views

CVE-2022-26965

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution...

7.2CVSS0.37716EPSS
Exploits4References2
Prion
Prion
added 2022/03/18 7:15 a.m.19 views

Remote code execution

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution...

6.5CVSS7.3AI score0.37716EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2022/03/18 6:33 a.m.36 views

CVE-2022-26965

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution...

7.6AI score0.37716EPSS
Exploits4References2
OSV
OSV
added 2022/03/18 6:33 a.m.19 views

CVE-2022-26965

In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution...

7.2CVSS7.7AI score0.37716EPSS
Exploits4References4
Packet Storm
Packet Storm
added 2022/03/16 12:0 a.m.305 views

Pluck CMS 4.7.16 Shell Upload

Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution RCE Authenticated Date: 13.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://github.com/pluck-cms/pluck Version: 4.7.16 Tested on Ubuntu 20.04.3 LTS CVE: CVE-2022-26965 Usage : python3 exploit.py Example: python3 exploit.p...

0.1AI score0.37716EPSS
Exploits4
Exploit DB
Exploit DB
added 2022/03/16 12:0 a.m.408 views

Pluck CMS 4.7.16 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution RCE Authenticated Date: 13.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://github.com/pluck-cms/pluck Version: 4.7.16 Tested on Ubuntu 20.04.3 LTS CVE: CVE-2022-26965 Usage : python3 exploit.py Example: python3 exploit.p...

7.2CVSS7AI score0.37716EPSS
Exploits4
0day.today
0day.today
added 2022/03/16 12:0 a.m.1065 views

Pluck CMS 4.7.16 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Pluck CMS 4.7.16 - Remote Code Execution RCE Authenticated Exploit Author: Ashish Koli Shikari Vendor Homepage: https://github.com/pluck-cms/pluck Version: 4.7.16 Tested on Ubuntu 20.04.3 LTS CVE: CVE-2022-26965 Usage : python3 exploit.py Example: python3 exploit.py 127.0.0.1 80...

7.2CVSS0.37716EPSS
Exploits4
NVD
NVD
added 2020/12/23 3:15 a.m.18 views

CVE-2020-35657

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. NOTE: this is unrelated to the JAWS aka Job Access With Speech product...

7.2CVSS7.2AI score0.02403EPSS
Exploits1References2
Prion
Prion
added 2020/12/23 3:15 a.m.14 views

Design/Logic Flaw

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. NOTE: this is unrelated to the JAWS aka Job Access With Speech product...

6.5CVSS7.2AI score0.02403EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2020/12/23 2:3 a.m.20 views

CVE-2020-35657

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. NOTE: this is unrelated to the JAWS aka Job Access With Speech product...

7.2AI score0.02403EPSS
Exploits1References2
OSV
OSV
added 2020/06/12 4:15 p.m.0 views

DEBIAN-CVE-2020-4049

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...

2.4CVSS6.3AI score0.02747EPSS
Exploits0References1
NVD
NVD
added 2020/06/12 4:15 p.m.14 views

CVE-2020-4049

In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version...

3.5CVSS0.02747EPSS
Exploits0References8
Rows per page
Query Builder