Lucene search
K

12 matches found

OSV
OSV
added 6 days ago3 views

CVE-2026-12116 CVE-2026-12116

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed...

9.8CVSS6.1AI score0.0038EPSS
Exploits0References5
NVD
NVD
added 2026/04/14 11:16 p.m.3 views

CVE-2026-39387

BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion LFI attack via the tpl parameter, which can lead to Remote Code Execution RCE.The application fails to...

7.2CVSS0.00731EPSS
Exploits2References2
OSV
OSV
added 2024/05/27 11:16 p.m.7 views

GHSA-F43J-8HQ4-2XJ9 silverstripe/framework uploaded PHP script execution in assets

A weakness in the .htaccess rules preventing requests to uploaded PHP scripts allows PHP scripts that had made their way into the assets directory to be successfully executed through the use of a specially crafted URL. There are protections in place to disallow upload of PHP scripts through the...

7.2AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/05/27 11:16 p.m.17 views

silverstripe/framework uploaded PHP script execution in assets

A weakness in the .htaccess rules preventing requests to uploaded PHP scripts allows PHP scripts that had made their way into the assets directory to be successfully executed through the use of a specially crafted URL. There are protections in place to disallow upload of PHP scripts through the...

7.2AI score
Exploits0References4Affected Software1
0day.today
0day.today
added 2024/04/21 12:0 a.m.286 views

SofaWiki 3.9.2 - Remote Command Execution (Authenticated) Exploit

Exploit Title: SofaWiki 3.9.2 - Remote Command Execution RCE Authenticated Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Tested Version: v3.9.2 latest Tested on: MacOS import requests import random import...

7.4AI score
Exploits0
NVD
NVD
added 2021/09/27 12:15 p.m.53 views

CVE-2021-40097

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter...

8.8CVSS0.02425EPSS
Exploits0References2
Prion
Prion
added 2021/09/27 12:15 p.m.17 views

Path traversal

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter...

6.5CVSS9AI score0.02425EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/09/27 11:6 a.m.27 views

CVE-2021-40097

An issue was discovered in Concrete CMS through 8.5.5. Authenticated path traversal leads to to remote code execution via uploaded PHP code, related to the bFilename parameter...

9.6AI score0.02425EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/11/30 12:0 a.m.36 views

Drupal 6.x < 6.29 Multiple Vulnerabilities

The remote web server is running a version of Drupal that is 6.x prior to 6.29. It is, therefore, potentially affected by multiple vulnerabilities : - An error exists related to the HTML form API and validation callbacks as used by third-party modules that could allow an attacker to bypass the...

6.8CVSS6.2AI score0.03072EPSS
Exploits0References4
Prion
Prion
added 2012/09/05 11:55 p.m.19 views

Design/Logic Flaw

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file...

6.8CVSS8.2AI score0.03286EPSS
Exploits1References2Affected Software1
OwnCloud
OwnCloud
added 2012/07/10 5:14 p.m.48 views

Code execution in /lib/migrate.php - ownCloud

Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file. Affected Software ownCloud Server 4.0.7 CVE-2012-4389 Action Taken It is...

6.8CVSS7.2AI score0.03286EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/03/30 12:0 a.m.13 views

FreeBSD : pivot-weblog -- file deletion vulnerability (0fe73a4a-1b18-11de-8226-0030843d3802)

Secunia reports : A vulnerability has been discovered in Pivot, which can be exploited by malicious people to delete certain files. Input passed to the 'refkey' parameter in extensions/bbclonetools/count.php is not properly sanitised before being used to delete files. This can be exploited to...

5.6AI score
Exploits0References1
Rows per page
Query Builder