Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2025/12/16 8:44 p.m.7 views

CVE-2023-53888

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload malicious JavaScript files, rename them to PHP, and execute system commands by exploiting the saveE and...

8.8CVSS8.5AI score0.00824EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/12/15 8:28 p.m.4 views

CVE-2023-53888 Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...

8.6CVSS6.5AI score0.00824EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/15 8:28 p.m.23 views

CVE-2023-53888 Zomplog 3.9 Remote Code Execution via Authenticated File Manipulation

Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files such as JavaScript and rename them to .php via the saveE and rename actions, then execute the...

8.6CVSS0.00824EPSS
Exploits1References3
CVE
CVE
added 2025/10/28 12:0 a.m.41 views

CVE-2025-56399

CVE-2025-56399 affects alexusmai/laravel-file-manager 3.3.1 and earlier. An authenticated user can upload a PNG containing PHP code; the upload may bypass client-side validation and be saved on the server. By using the rename API to switch the extension to .php, the file can be accessed via a pub...

8.8CVSS7.2AI score0.0051EPSS
Exploits2References1
OSV
OSV
added 2022/10/03 2:15 p.m.3 views

UBUNTU-CVE-2022-3125

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...

8.8CVSS7.4AI score0.01113EPSS
Exploits2References3
VulnCheck KEV
VulnCheck KEV
added 2022/09/07 12:0 a.m.5 views

VulnCheck KEV: CVE-2022-3125

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE...

8.8CVSS7.4AI score0.01113EPSS
Exploits2References1
OSV
OSV
added 2021/09/15 10:15 p.m.2 views

CVE-2020-21481

An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file...

7.2CVSS7.3AI score0.01598EPSS
Exploits1References1
CNVD
CNVD
added 2020/10/28 12:0 a.m.1 views

Stored cross-site scripting vulnerability in ZZCMS to***.php file

ZZCMS is a content management system. A stored cross-site scripting vulnerability exists in the ZZCMS to.php file. An attacker can exploit this vulnerability to obtain user cookie information...

6AI score
Exploits0
Cvelist
Cvelist
added 2019/11/05 11:25 p.m.22 views

CVE-2019-8140

An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the Media File Storage of the database to transform uploaded JPEG file into a PHP file...

5.3AI score0.00763EPSS
Exploits0References1
CNVD
CNVD
added 2018/09/18 12:0 a.m.1 views

SQL injection vulnerability in ZZCMS version 8.3 to***.php file

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the to.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive database information...

7.9AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

ASP2PHP 0.76.23 Preparse Token Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12014/info asp2php is prone to a buffer overflow vulnerability. This issue is exposed when the application is used to convert an ASP file to PHP. The particular issue is related to parsing of tokens in ASP files. Since AS...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2010/01/29 12:0 a.m.29 views

Joomla Autartitarot Directory Traversal

...BEGIN ADVISORY... !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! TITLE: Joomla comautartitarot Directory Traversal Vulnerability LANGUAGE: PHP DORK: N/A RESEARCHER: B-HUNT3|2 CONTACT: bhunt3ratnospamgmaildotnospamcom TESTED ON: LocalHost PRE-REQUERIMENTS:...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2007/12/27 12:0 a.m.74 views

PHP ZLink 'go.php' SQL注入漏洞

PHP ZLink是一款基于PHP的WEB应用程序。 PHP ZLink不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,可获得敏感信息或操作数据库。 问题是由于'go.php'脚本对用户提交的WEB参数处理缺少充分过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 Zeak.net PHP ZLink 0.3 目前没有解决方案提供: http://www.zeak.net/ !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV3 print "\n \'/...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2004/10/08 12:0 a.m.41 views

PHP php_variables.c Multiple Variable Open Bracket Memory Disclosure

The remote host is running a version of PHP that is older than 5.0.2 or 4.39. The remote version of this software is affected by a memory disclosure vulnerability in PHPVariables. An attacker may exploit this flaw to remotely read portions of the memory of the httpd process on the remote host...

5CVSS5.6AI score0.0973EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2001/07/02 12:0 a.m.44 views

PHP Safe Mode mail Function 5th Parameter Arbitrary Command Execution

The remote host is running PHP 4.0.5. There is a flaw in this version of PHP that allows local users to circumvent the safe mode and to gain the UID of the HTTP process. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. References: Date: Fri, 23 Aug 2002 09:30:40 +0200 CEST From: "Wojciech...

7.5CVSS5.6AI score0.09725EPSS
Exploits0References1
Rows per page
Query Builder