Lucene search
K

6 matches found

0day.today
0day.today
added 2021/03/16 12:0 a.m.76 views

ExpressionEngine 6.0.2 PHP Code Injection Vulnerability

---------------------------------------------------------------------------- ExpressionEngine security-sanitizefilename$file; 366. 367. $destdir = $this-languagesdir . $language . '/'; 368. $filename = $file . 'lang.php'; 369. $destloc = $destdir . $filename; 370. 371. $str = 'lang-loadfile$file;...

8.8CVSS0.7AI score0.02832EPSS
Exploits3
OSV
OSV
added 2021/03/15 11:15 p.m.22 views

CVE-2021-27230

ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an lang.php file under the system/user/language directory...

8.8CVSS7.2AI score
Exploits0References5
NVD
NVD
added 2021/03/15 11:15 p.m.16 views

CVE-2021-27230

ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an lang.php file under the system/user/language directory...

8.8CVSS0.02832EPSS
Exploits3References5
Prion
Prion
added 2021/03/15 11:15 p.m.21 views

Code injection

ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an lang.php file under the system/user/language directory...

6.5CVSS8.9AI score0.02832EPSS
Exploits3References5Affected Software1
Cvelist
Cvelist
added 2021/03/15 10:52 p.m.21 views

CVE-2021-27230

ExpressionEngine before 5.4.2 and 6.x before 6.0.3 allows PHP Code Injection by certain authenticated users who can leverage Translate::save to write to an lang.php file under the system/user/language directory...

9.1AI score0.02832EPSS
Exploits3References5
Hacker One
Hacker One
added 2021/02/02 11:25 p.m.14 views

ExpressionEngine: PHP Code Injection through "Translate::save()" method

A vulnerability was identified and fixed that could have allowed attackers to inject and execute arbitrary PHP code through improperly sanitized user input...

7.8AI score
Exploits0
Rows per page
Query Builder