67 matches found
CVE-2026-39387
BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...
CVE-2026-39387
BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...
CVE-2026-39387 BoidCMS: Local File Inclusion (LFI) leads to Remote Code Execution (RCE) via tpl parameter
BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...
CVE-2026-39387
BoidCMS, a PHP-based flat-file CMS, before v2.1.3 is vulnerable to a critical Local File Inclusion via the tpl parameter that is passed directly to require_once without proper path validation. An authenticated administrator can inject path traversal (../) to escape the theme directory and include...
CVE-2026-39387 BoidCMS: Local File Inclusion (LFI) leads to Remote Code Execution (RCE) via tpl parameter
BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...
CVE-2026-39387
BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...
CVE-2018-12492
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfilef function in framework/admin/tplcontrol.php...
CVE-2018-9851
In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to read any file via a modified pathname in an Admin-Tpl request, as demonstrated by use of '|' instead of '/' as a directory separator, in conjunction with a ".." sequence...
CVE-2022-50691
MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...
CVE-2022-50691
MiniDVBLinux 5.4 contains a remote command execution vulnerability that allows unauthenticated attackers to execute arbitrary commands as root through the 'command' GET parameter. Attackers can exploit the /tpl/commands.sh endpoint by sending malicious command values to gain root-level system...
PT-2025-54230
Name of the Vulnerable Software and Affected Versions MiniDVBLinux version 5.4 Description MiniDVBLinux version 5.4 contains a remote command execution issue that allows unauthenticated attackers to execute arbitrary commands as root. The issue is due to a flaw in the handling of the command GET...
EUVD-2006-3161
Malware in sbrugna...
EUVD-2025-22099
Malicious code in bioql PyPI...
CVE-2025-8975
A vulnerability was identified in givanz Vvveb up to 1.0.5. This affects an unknown part of the file admin/template/content/edit.tpl. The manipulation of the argument slug leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public a...
Malicious code in tpl-browser (npm)
The package tpl-browser was found to contain malicious code...
MAL-2025-37123 Malicious code in tpl-browser (npm)
The package tpl-browser was found to contain malicious code...
PT-2025-32366 · Trendnet · Tpl-430Ap +2
Name of the Vulnerable Software and Affected Versions: TRENDnet TI-G160i versions up to 20250724 TRENDnet TI-PG102i versions up to 20250724 TRENDnet TPL-430AP versions up to 20250724 Description: A critical vulnerability exists in the SSH Service component of TRENDnet devices. The issue involves...
TRENDnet多款产品 安全漏洞
TRENDnet TPL-430AP and others are products of Trendnet, Inc.TRENDnet TPL-430AP is a wireless access point.TRENDnet TI-G160i is an intelligent managed switch.TRENDnet TI-PG102i is an intelligent managed switch. A security vulnerability exists in several TRENDnet products, which stems from an issue...
CVE-2025-44651
In TRENDnet TPL-430AP FW1.0, the USERLIMITGLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected...
CVE-2025-44651
In TRENDnet TPL-430AP FW1.0, the USERLIMITGLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected...