Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2022-44276: GitHub - HerrLeStrate/CVE-2022-44276-PoC: PoC for Responsive Filemanager < 9.12.0 bypass upload restrictions lead to RCE

In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE.

CVE
Open in Source
#git#php#rce
CVE-2023-1844: send-email.php in subscribe2/trunk/admin – WordPress Plugin Repository

The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users.

CVE-2023-3427: Changeset 2931406 for salon-booking-system – WordPress Plugin Repository

The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the 'save_customer' function. This makes it possible for unauthenticated attackers to change the admin role to customer or change the user meta to arbitrary values via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2020-18409: Bug: CatfishCMS V 4.8.63 CSRF · Issue #5 · xwlrbh/Catfish

Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html.

CVE-2020-18414: Bug: ChaojiCMS V2.18 XSS #3 · Issue #3 · GodEpic/chaojicms

Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset.

CVE-2020-19902: BUG:A Arbitrary File Reading Vulnerability in wex/cssjs.php · Issue #3 · vedees/wcms

Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter.

CVE-2020-18416: Bug: Jymusic V2.0.0 CSRF · Issue #1 · dtorp06/jymusic

An cross site request forgery (CSRF) vulnerability discovered in Jymusic v2.0.0.,that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information.

CVE-2020-18410: Bug: ChaojiCMS V2.18 XSS #6 · Issue #6 · GodEpic/chaojicms

A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 that allows attackers to obtain administrator privileges.

CVE-2020-18413: Bug: ChaojiCMS V2.18 XSS #5 · Issue #5 · GodEpic/chaojicms

Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 that allows attackers to execute arbitrary code.

CVE-2020-18418: Vulnerability-detection/feifeicms/FeiFeiCMS_4.1_csrf.doc at master · GodEpic/Vulnerability-detection

A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert.