
16 matches found

Cvelist
added 2026/04/17 11:25 p.m., 36 views

CVE-2026-40484 ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory, which performs no file...

CVSS 9.1, EPSS 0.00867
Exploits: 0, References: 3
CVE
added 2026/04/17 11:25 p.m., 9 views

CVE-2026-40484

ChurchCRM prior to version 7.2.0 is affected by an authenticated remote code execution in the database backup restore feature. The restore operation extracts uploaded archives and copies files from Images/ into the web root using recursiveCopyDirectory(), without file extension filtering, allowin...

CVSS 9.1, AI score 6.3, EPSS 0.00867
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-1977

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.03286
Exploits: 1, References: 3
RedhatCVE
added 2025/05/22 6:48 a.m., 6 views

CVE-2018-1000646

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution...

CVSS 8.8, AI score 7.6, EPSS 0.03286
Exploits: 1, References: 1
Cvelist
added 2025/03/20 10:11 a.m., 17 views

CVE-2024-8958 Unrestricted File Write and Read in composiohq/composio

In composiohq/composio version 0.4.3, there is an unrestricted file write and read vulnerability in the filetools actions. Due to improper validation of file paths, an attacker can read and write files anywhere on the server, potentially leading to privilege escalation or remote code execution...

CVSS 7.2, EPSS 0.01292
Exploits: 1, References: 1
OSV
added 2018/08/20 7:31 p.m., 11 views

CVE-2018-1000649

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appears to be exploitable via User...

CVSS 8.8, AI score 7.7
Exploits: 0, References: 2
OSV
added 2018/08/20 7:31 p.m., 14 views

CVE-2018-1000648

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appears to be exploitable via User controlled parameters...

CVSS 8.8, AI score 7.7
Exploits: 0, References: 2
NVD
added 2018/08/20 7:31 p.m., 16 views

CVE-2018-1000646

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution...

CVSS 8.8, AI score 9.1, EPSS 0.03286
Exploits: 1, References: 2
Prion
added 2018/08/20 7:31 p.m., 17 views

Unrestricted file upload

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution...

CVSS 6.5, AI score 9, EPSS 0.03286
Exploits: 1, References: 2, Affected Software: 1
Prion
added 2018/08/20 7:31 p.m., 13 views

Design/Logic Flaw

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appears to be exploitable via User...

CVSS 6.5, AI score 8.9, EPSS 0.02797
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2018/08/20 7:0 p.m., 47 views

CVE-2018-1000649

LibreHealthIO LH-EHR REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in letter.php (2) within the Patient file letter functions. The issue allows writing files with malicious content via user-controlled input, potentially enabling remote code execution. This entry is cor...

CVSS 8.8, AI score 8.9, EPSS 0.02797
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2018/08/20 7:0 p.m., 40 views

CVE-2018-1000648

Summary: CVE-2018-1000648 affects LibreHealthIO lh-ehr REL-2.0.0. The vulnerability is an Authenticated Unrestricted File Write in the patient letter/file handling logic, where user-controlled parameters can cause files to be written with malicious content, potentially enabling remote code execut...

CVSS 8.8, AI score 8.9, EPSS 0.02797
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2018/08/20 7:0 p.m., 18 views

CVE-2018-1000649

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write in letter.php 2 vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appears to be exploitable via User...

AI score 9, EPSS 0.02797
Exploits: 1, References: 2
Cvelist
added 2018/08/20 7:0 p.m., 20 views

CVE-2018-1000646

LibreHealthIO LH-EHR version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Import template that can result in write files with malicious content and may lead to remote code execution...

AI score 9.1, EPSS 0.03286
Exploits: 1, References: 2
CVE
added 2018/08/20 7:0 p.m., 41 views

CVE-2018-1000646

Technical details about CVE-2018-1000646 are not publicly provided in the connected documents; monitor for updates.

CVSS 8.8, AI score 9, EPSS 0.03286
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2018/08/20 7:0 p.m., 22 views

CVE-2018-1000648

LibreHealthIO lh-ehr version REL-2.0.0 contains an Authenticated Unrestricted File Write vulnerability in Patient file letter functions that can result in Write files with malicious content and may lead to remote code execution. This attack appears to be exploitable via User controlled parameters...

AI score 9, EPSS 0.02797
Exploits: 1, References: 2