2126 matches found

Cvelist
added 2023/05/08 12:00 a.m. · 13 views

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

AI score: 7 · EPSS: 0.01294
Exploits: 1 · References: 2
CVE
added 2023/05/08 12:00 a.m. · 38 views

CVE-2021-28998

CMS Made Simple is affected by a file upload vulnerability up to version 2.2.15 that allows remote authenticated attackers to gain a webshell via a crafted phar file. The issue is a file upload flaw in the CMSMS component/functionality (no explicit code path provided here beyond the phar-based up...

CVSS: 7.2 · AI score: 6.7 · EPSS: 0.01294
Exploits: 1 · References: 2 · Affected Software: 1
CNNVD
added 2023/05/08 12:00 a.m. · 3 views

CMS Made Simple Code Issue Vulnerability

CMS Made Simple (CMSMS) is an open source content management system (CMS) by the CMSMS team. The system supports role-based permission management, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple version...

CVSS: 7.2 · AI score: 7 · EPSS: 0.01294
Exploits: 1 · References: 3
Vulnrichment
added 2023/05/08 12:00 a.m. · 5 views

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

AI score: 6.8 · EPSS: 0.01294
Exploits: 1 · References: 2
Positive Technologies
added 2023/05/08 12:00 a.m. · 3 views

PT-2023-12130 · Unknown · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMS Made Simple versions through 2.2.15
Description: The issue allows remote authenticated attackers to gain a webshell via a crafted phar file. This is achieved through a file upload vulnerability.
Recommendations: For versions through 2.2.1...

CVSS: 7.2 · AI score: 7.2 · EPSS: 0.01294
Exploits: 1 · References: 6
Packet Storm
added 2023/05/05 12:00 a.m. · 290 views

Online Pizza Ordering System 1.0 Shell Upload

Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload
Date: 03/05/2023
Exploit Author: URGAN
Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html
Software Link:...

CVSS: 9.8 · AI score: 7.1 · EPSS: 0.03624
Exploits: 4
Exploit DB
added 2023/05/05 12:00 a.m. · 401 views

Online Pizza Ordering System v1.0 - Unauthenticated File Upload

Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload
Date: 03/05/2023
Exploit Author: URGAN
Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html
Software Link:...

CVSS: 9.8 · AI score: 9.6 · EPSS: 0.03624
Exploits: 4
0day.today
added 2023/05/05 12:00 a.m. · 243 views

Online Pizza Ordering System v1.0 - Unauthenticated File Upload Exploit

Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload
Exploit Author: URGAN
Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html
Software Link:...

CVSS: 9.8 · AI score: 9.7 · EPSS: 0.03624
Exploits: 4
OSV
added 2023/05/02 4:43 p.m. · 24 views

GHSA-G2MC-FQQC-HXG3 Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php

Impact: The impact of this path traversal and arbitrary extension is limited creation of arbitrary files and appending data to existing files, but when combined with the SQL Injection, the exported data can be controlled and a webshell can be uploaded. Attackers can use...

CVSS: 6.5 · AI score: 7.4 · EPSS: 0.00795
Exploits: 0 · References: 6
Github Security Blog
added 2023/05/02 4:43 p.m. · 28 views

Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php

Impact: The impact of this path traversal and arbitrary extension is limited creation of arbitrary files and appending data to existing files, but when combined with the SQL Injection, the exported data can be controlled and a webshell can be uploaded. Attackers can use...

CVSS: 7.5 · AI score: 8.3 · EPSS: 0.00795
Exploits: 0 · References: 6 · Affected Software: 1
NVD
added 2023/04/05 6:15 p.m. · 14 views

CVE-2023-28838

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server...

CVSS: 9.6 · AI score: 9.6 · EPSS: 0.00766
Exploits: 0 · References: 3
Prion
added 2023/04/05 6:15 p.m. · 19 views

SQL injection

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server...

CVSS: 5.5 · AI score: 8.3 · EPSS: 0.00766
Exploits: 0 · References: 3 · Affected Software: 1
UbuntuCve
added 2023/04/05 6:15 p.m. · 20 views

CVE-2023-28838

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server...

CVSS: 9.6 · AI score: 7.2 · EPSS: 0.00766
Exploits: 0 · References: 4
OSV
added 2023/04/05 6:15 p.m. · 2 views

UBUNTU-CVE-2023-28838

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server...

CVSS: 9.6 · AI score: 6 · EPSS: 0.00766
Exploits: 0 · References: 5
Vulnrichment
added 2023/04/05 5:39 p.m. · 5 views

CVE-2023-28838 GLPI vulnerable to SQL injection through dynamic reports

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server...

CVSS: 9.6 · AI score: 9.6 · EPSS: 0.00766
Exploits: 0 · References: 3
Cvelist
added 2023/04/05 5:39 p.m. · 19 views

CVE-2023-28838 GLPI vulnerable to SQL injection through dynamic reports

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server...

CVSS: 9.6 · AI score: 9.8 · EPSS: 0.00766
Exploits: 0 · References: 3
CVE
added 2023/04/05 5:39 p.m. · 73 views

CVE-2023-28838

GLPI (asset/IT management software) is affected by CVE-2023-28838 due to a SQL injection in the statistics/reports area. Affected: GLPI versions prior to 9.5.13 and 10.0.7; patch exists in 9.5.13 and 10.0.7. Remediation: upgrade to 9.5.13 or 10.0.7 or later; as temporary workaround, remove read r...

CVSS: 9.6 · AI score: 8.7 · EPSS: 0.00766
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2023/04/05 5:39 p.m. · 19 views

CVE-2023-28838 GLPI vulnerable to SQL injection through dynamic reports

GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allows users with access rights to statistics or reports to extract all data from the database and, in some cases, write a webshell on the server...

CVSS: 9.6 · AI score: 8.7 · EPSS: 0.00766
Exploits: 0 · References: 5
CNNVD
added 2023/04/05 12:00 a.m. · 4 views

GLPI SQL Injection Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

CVSS: 9.6 · AI score: 7.7 · EPSS: 0.00766
Exploits: 0 · References: 4
Positive Technologies
added 2023/04/05 12:00 a.m. · 7 views

PT-2023-3266 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions:
GLPI versions 0.50 through 9.5.12
GLPI versions 10.0.0 through 10.0.6
Description: The issue is related to a SQL Injection vulnerability that allows users with access rights to statistics or reports to extract all data from the database and, ...

CVSS: 10 · AI score: 7.3 · EPSS: 0.99521
Exploits: 40 · References: 207