2 matches found
CVE-2026-34216
CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the admin settings update endpoint accepted a fully qualified class name directly from user-supplied request input and used it for dynamic static method calls and object instantiation without any allowli...
PT-2023-14142 · WordPress · Replyable
Name of the Vulnerable Software and Affected Versions: Replyable WordPress plugin versions prior to 2.2.10 Description: The issue arises from the lack of validation of the class name submitted by the request when instantiating an object in the prompt dismiss notice action, and the absence of a CS...