Lucene search
K

39 matches found

EUVD
EUVD
added 2026/05/10 3:31 p.m.10 views

EUVD-2021-34798

e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to execute arbitrary commands by uploading malicious theme files. Attackers can upload a crafted theme package through the theme.php endpoint that deploys a web shell ...

8.8CVSS6.6AI score0.0059EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/05/22 5:5 p.m.7 views

CVE-2020-20919

File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file...

7.2CVSS7.6AI score0.01256EPSS
Exploits1
NVD
NVD
added 2024/11/08 9:15 p.m.17 views

CVE-2024-50809

The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands...

8.8CVSS0.007EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/08 12:0 a.m.12 views

CVE-2024-50809

The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands...

7.3AI score0.007EPSS
Exploits0References1
CVE
CVE
added 2024/11/08 12:0 a.m.50 views

CVE-2024-50809

CVE-2024-50809 affects SDCMS 2.8 via a vulnerability in the theme.php file that enables command execution (system commands). Multiple sources (NVD, Red Hat, CNNVD, CVE lists, CIRCL) confirm the vulnerable component; CVSSv3.1 base score is 8.8 (High) with network attack vector, low complexity, and...

8.8CVSS7AI score0.007EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/11/08 12:0 a.m.16 views

CVE-2024-50809

The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands...

0.007EPSS
Exploits0References1
NVD
NVD
added 2023/06/20 3:15 p.m.22 views

CVE-2020-20919

File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file...

7.2CVSS7.2AI score0.01256EPSS
Exploits1References1
OSV
OSV
added 2023/06/20 3:15 p.m.15 views

CVE-2020-20919

File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file...

7.2CVSS7.8AI score
Exploits0References1
Prion
Prion
added 2023/06/20 3:15 p.m.16 views

Unrestricted file upload

File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file...

5.8CVSS7.2AI score0.01256EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/10/14 7:15 p.m.19 views

Server side request forgery (ssrf)

A security issue was discovered in WeBid =1.2.2. A Server-Side Request Forgery SSRF vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories...

6.4CVSS9AI score0.01075EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/10/14 12:0 a.m.28 views

CVE-2022-41477

A security issue was discovered in WeBid =1.2.2. A Server-Side Request Forgery SSRF vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories...

9.3AI score0.01075EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/12/14 12:0 a.m.1 views

PT-2021-8668

Name of the Vulnerable Software and Affected Versions LimeSurvey version 3.6.2+180406 Description The issue is a cross-site scripting XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML. This is achieved via the changes cp parameter to the...

6.1CVSS5.9AI score0.00808EPSS
Exploits0References7
Huntr
Huntr
added 2021/07/17 7:4 p.m.11 views

Cross-site Scripting (XSS) - Generic in emoncms/emoncms

✍️ Description Line 94 of theme.php sends unvalidated data to a web browser, which can result in the browser executing malicious code. In this case the data is sent at builtinecho in theme.php at line 94. 🕵️‍♂️ Proof of Concept $q = ""; if isset$GET'q' $q = $GET'q'; //get in line 16 //print in line...

3.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.82 views

WordPress 3.9.x < 3.9.15 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...

9.8CVSS10AI score0.99714EPSS
Exploits66References11
OSV
OSV
added 2017/01/15 2:59 a.m.27 views

CVE-2017-5490

Cross-site scripting XSS vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to...

6.1CVSS5.6AI score
Exploits0References9
Debian CVE
Debian CVE
added 2017/01/15 2:0 a.m.42 views

CVE-2017-5490

Cross-site scripting XSS vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to...

6.1CVSS7AI score0.02436EPSS
Exploits0
Patchstack
Patchstack
added 2016/01/08 12:0 a.m.22 views

WordPress <= 4.4.0 - Multiple XSS

Multiple cross site scripting vulnerabilities were found in wp-includes/class-wp-theme.php. These vulnerabilities allow the attackers to inject arbitrary web script or HTML via a 1. stylesheet name or 2. template name to wp-admin/customize.php. Solution Upgrade WordPress...

6.1CVSS2.7AI score0.02694EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2015/12/31 12:0 a.m.4 views

Chyrp 'class/Theme.php' Cross-Site Scripting Vulnerability

Chyrp is an open source lightweight blog Blog engine based on PHP and MySQL. Chyrp suffers from a cross-site scripting vulnerability. As the program fails to have adequate filtering of user-submitted input. An attacker could exploit the vulnerability to execute arbitrary script code in the browse...

6.9AI score
Exploits0References1
Patchstack
Patchstack
added 2015/08/04 12:0 a.m.34 views

WordPress Legacy Theme <= 4.2.3 - XSS

This vulnerability exists in the Legacy theme preview implementation in wp-includes/theme.php. It allows an attacker to inject arbitrary HTML or web script via a crafted string. Solution Update the theme...

4.3CVSS2.5AI score0.0743EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2014/08/01 10:58 a.m.9 views

Annonces 1.2.0.1 - admin/theme.php File Upload PHP Code Execution

The Annonces WordPress plugin was affected by an admin/theme.php File Upload PHP Code Execution security vulnerability...

2.8AI score
Exploits0References1Affected Software1
Rows per page
Query Builder