[CVE-2023-46468] There's an RCE vulnerability in Juzaweb CMS


CVE ID

CVE-2023-46468

GitHub

https://github.com/juzaweb/cms

Affected Version

<= v3.4

Vulnerability Type

Eval injection

Description

An issue in Juzaweb CMS v3.4 and earlier allows a remote attacker to execute arbitrary code via a crafted file uploaded through the custom plugin function.

POC: https://sumor.top/usr/uploads/2023/10/poc.zip

1. Insert malicious PHP code into custom plugins.

2. Upload custom plugins.

3. Enable plugins.

4. Refresh the page to trigger the vulnerability.
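
A defensive pre-install check for the plugin upload path in the steps above, as an added example that is not from the advisory or the Juzaweb project: it lists calls to PHP code-execution functions inside a plugin ZIP so the archive can be reviewed before anyone enables it. The sink list, function names and sample archive are assumptions constructed for illustration, and the scan is heuristic triage only.

```python
import io
import re
import zipfile

# Heuristic list of PHP code-execution sinks (assumed, not exhaustive).
SINKS = re.compile(
    rb"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open)\s*\(",
    re.IGNORECASE,
)
PHP_EXT = (".php", ".phtml", ".phar")


def scan_plugin_zip(data: bytes) -> list[tuple[str, int, str]]:
    """Return (entry name, line number, sink) for each flagged call in PHP entries."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir() or not name.lower().endswith(PHP_EXT):
                continue  # only PHP-like entries are inspected
            for lineno, line in enumerate(zf.read(info).splitlines(), 1):
                for m in SINKS.finditer(line):
                    findings.append((name, lineno, m.group(1).decode().lower()))
    return findings


def build_sample() -> bytes:
    """Constructed sample archive: one benign PHP file, one containing eval()."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo-plugin/composer.json", '{"name": "example/demo-plugin"}')
        zf.writestr("demo-plugin/src/Provider.php", "<?php\nclass Provider {}\n")
        zf.writestr(
            "demo-plugin/src/helpers.php",
            "<?php\n// constructed sample line\neval($code);\n",
        )
    return buf.getvalue()


if __name__ == "__main__":
    for name, lineno, sink in scan_plugin_zip(build_sample()):
        print(f"{name}:{lineno}: call to {sink}()")
```

A clean result does not make a plugin safe: any PHP in an enabled plugin runs with the application's privileges, so the scan only prioritises manual review and does not replace restricting who may upload and enable plugins.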
