Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Wolf CMS 0.8.3.1 Shell Upload

Wolf CMS version 0.8.3.1 suffers from a remote shell upload vulnerability.

Packet Storm
Open in Source
#vulnerability#linux#git#php#rce#auth
Pluck CMS 4.7.18 Cross Site Scripting

Pluck CMS version 4.7.18 suffers from a persistent cross site scripting vulnerability.

EasyPHP Webserver 14.1 Path Traversal / Remote Code Execution

EasyPHP Webserver version 14.1 suffers from remote code execution and path traversal vulnerabilities.

CVE-2023-30242

NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php.

Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million Compromised

PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json with their own message but did not otherwise make any malicious changes," Packagist's Nils Adermann said

CVE-2023-30090: vuln/Semcms at master · xlccccc/vuln

Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVE-2023-30122: bug_report/RCE-1.md at main · xtxxueyan/bug_report

An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

CVE-2017-20183

A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability.

CVE-2023-30264: CVE-2023-30264

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update.

CVE-2023-30264: HuBenVulList/CLTPHP6.0 Unrestricted Upload of File with Dangerous Type 2.md at main · HuBenLab/HuBenVulList

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update.