EUVD-2023-58347

Malicious code in bioql PyPI...

PHPFusion Remote Code Execution Vulnerability

PHPFusion is a lightweight open source content management system. A remote code execution vulnerability exists in PHPFusion version 9.03.110. The vulnerability can be exploited to achieve remote code execution by inserting malicious php code or php files into a zip file and uploading it to the...

Jaws 代码问题漏洞

Jaws is a framework and content management system for building dynamic websites. A remote code execution vulnerability exists in Jaws 1.8.0 and earlier versions. The vulnerability can be exploited by a remote authenticated administrator to execute OS commands by uploading a theme ZIP file...

WordPress: Stored XSS on Broken Themes via filename

Hi, I've found something here, Description XSS Stored because filename of theme when broken, So when theme is broken, Wordpress will inform the name of theme who has been broken which is the folder name of theme and inform the error with description message. F342862 Looks like the filename is...

PT-2017-14647 · October · October Cms

Name of the Vulnerable Software and Affected Versions: October CMS versions 1.0.0 through 1.0.428 Description: The issue allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive...