38 matches found
EUVD-2021-34798
e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...
CVE-2020-20919
File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file...
CVE-2024-50809
The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands...
CVE-2024-50809
CVE-2024-50809 affects SDCMS 2.8 via a vulnerability in the theme.php file that enables command execution (system commands). Multiple sources (NVD, Red Hat, CNNVD, CVE lists, CIRCL) confirm the vulnerable component; CVSSv3.1 base score is 8.8 (High) with network attack vector, low complexity, and...
Unrestricted file upload
File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file...
Server side request forgery (ssrf)
A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories...
CVE-2022-41477
A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories...
Cross-site Scripting (XSS) - Generic in emoncms/emoncms
✍️ Description: Line 94 of theme.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtin_echo in theme.php at line 94. 🕵️♂️ Proof of Concept: $q = ""; if (isset($_GET['q'])) $q = $_GET['q']; //get in line 16 //print in line...
WordPress 3.9.x < 3.9.15 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...
CVE-2017-5490
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to...
WordPress <= 4.4.0 - Multiple XSS
Multiple cross-site scripting vulnerabilities were found in wp-includes/class-wp-theme.php. These vulnerabilities allow attackers to inject arbitrary web script or HTML via (1) a stylesheet name or (2) a template name to wp-admin/customize.php. Solution: Upgrade WordPress...
Chyrp 'class/Theme.php' Cross-Site Scripting Vulnerability
Chyrp is an open source, lightweight blog engine based on PHP and MySQL. Chyrp suffers from a cross-site scripting vulnerability because the program fails to adequately filter user-submitted input. An attacker could exploit the vulnerability to execute arbitrary script code in the browse...
WordPress Legacy Theme <= 4.2.3 - XSS
This vulnerability exists in the Legacy theme preview implementation in wp-includes/theme.php. It allows an attacker to inject arbitrary HTML or web script via a crafted string. Solution: Update the theme...
Annonces 1.2.0.1 - admin/theme.php File Upload PHP Code Execution
The Annonces WordPress plugin was affected by an admin/theme.php File Upload PHP Code Execution security vulnerability...
WordPress 2.1.1 wp-includes/theme.php iz Variable Arbitrary Command Execution
No description provided by source...