GHSA-pq98-6hf6-3rj3: Economizzer remote code execution vulnerability

A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan’s Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands.

Economizzer remote code execution vulnerability

Moderate severity GitHub Reviewed Published Sep 28, 2023 to the GitHub Advisory Database • Updated Sep 28, 2023

Related news

CVE-2023-38874: GitHub - gugoan/economizzer: Open Source Personal Finance Manager
