9 matches found
CVE-2026-49049
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...
CVE-2026-49049
The CVE-2026-49049 entry concerns the Helix3 Joomla extension by joomshaper. The vulnerability arises from an exposed ajax handler task within Helix3 that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files, and update template parameters. This indicates a remot...
CVE-2026-1925
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...
CVE-2026-1925
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...
CVE-2026-1925 EmailKit – Email Customizer for WooCommerce & WP <= 1.6.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Title Modification
The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'updatetemplatedata' function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with...
PT-2023-18572 · Alf.Io · Alf.Io
Name of the Vulnerable Software and Affected Versions: alfio-event/alf.io versions prior to 2.0-M4-2304 Description: The issue is related to the improper neutralization of special elements used in a template engine. This problem affects the GitHub repository alfio-event/alf.io. Recommendations: F...
openSUSE Security Update : claws-mail (openSUSE-2020-1822)
This update for claws-mail fixes the following issues : - Additional cleanup of the template handling claws-mail was updated to 3.17.8 boo1177967 - Shielded template's |program and |attachprogram so that the command-line that is executed does not allow sequencing such as with && || ;, preventing...
CVE-2018-18258
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI...
DamiCMS Remote Code Execution Vulnerability
DamiCMS is a content management system CMS for building websites quickly. A remote code execution vulnerability exists in DamiCMS version 6.0.1, which can be exploited by a remote attacker to execute code by sending a multipart/form-data POST request containing PHP code to the...