4 matches found
WordPress Phlox Portfolio plugin <= 2.3.10 - Unauthenticated Local File Inclusion via args[extra_template_path] vulnerability
Unauthenticated Local File Inclusion via argsextratemplatepath vulnerability discovered by LionTree in WordPress Plugin Phlox Portfolio versions = 2.3.10...
CVE-2025-9725 Cudy LT500E Web shadow hard-coded password
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...
PT-2024-35267 · Unknown · Event Tickets With Ticket Scanner
Name of the Vulnerable Software and Affected Versions: Event Tickets with Ticket Scanner versions 2.3.11 and earlier Description: The issue affects Event Tickets with Ticket Scanner, allowing Server Side Include SSI Injection due to improper neutralization of special elements used in a template...
PT-2022-26109 · Ez Systems · Ezplatform-Graphql
Name of the Vulnerable Software and Affected Versions: ezplatform-graphql versions prior to 1.0.13 ezplatform-graphql versions prior to 2.3.12 Description: The issue concerns the exposure of password hashes of users who have created or modified content, typically administrators and editors, throu...