Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution

The affected device suffers from authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges. Also, the application suffers from Insufficient Session Expiration vulnerability.

Zero Science Lab
Open in Source
#vulnerability#web#linux#debian#apache#git#php#rce#auth
Anevia Flamingo XL/XS 3.6.x Default/Hard-coded Credentials

The device uses a weak set of default and hard-coded administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.

Anevia Flamingo XL 3.6.20 Authenticated Root Remote Code Execution

The affected device suffers from authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges. Also, the application suffers from Insufficient Session Expiration vulnerability.

CVE-2023-3187: Vulnerability/trms.md at main · ctflearner/Vulnerability

A vulnerability, which was classified as critical, has been found in PHPGurukul Teachers Record Management System 1.0. Affected by this issue is some unknown functionality of the file /changeimage.php of the component Profile Picture Handler. The manipulation of the argument newpic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231176.

CVE-2023-33557: fuel-cms-sqlinjection/README.md at main · bcvgh/fuel-cms-sqlinjection

Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php.

MVC Shop 0.5 Directory Traversal

MVC Shop version 0.5 suffers from a directory traversal vulnerability.

PHP Live 3.1 Cross Site Scripting

PHP Live version 3.1 suffers from a cross site scripting vulnerability.

Acelle Email Marketing 4.0.25 Arbitrary File Upload

Acelle Email Marketing version 4.0.25 suffers from an arbitrary file upload vulnerability.

CVE-2023-3184

A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-231164.