Security Headlines: latest CVEs tagged #php

Millhouse-Project 1.414 Shell Upload

Millhouse-Project version 1.414 suffers from a remote shell upload vulnerability.

Source: Packet Storm

CVE-2022-47879: Jedox – Planning your business with better insights and decisions

A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute their methods.
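
The pattern behind this class of bug, a request body that names the file, class and method to run, next to an allowlisted dispatcher, as an added example. This is hypothetical code, not Jedox's; the `rtn` directory layout, the `ReportRpc` class, the `report.summary` name and the argument-typing rule are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical JSON-RPC dispatcher showing the class-loading pattern behind
// CVE-2022-47879 and one way to close it; not Jedox code. Class, method and
// RPC names are assumptions for illustration.

// Vulnerable shape: the request chooses the file, the class and the method.
function dispatchVulnerable(array $req): mixed
{
    $class = $req['class'];                           // "Report" ... or any other name
    require_once __DIR__ . '/rtn/' . $class . '.php'; // loads whatever file that names
    $obj = new $class();                              // instantiates any loaded class
    return $obj->{$req['method']}(...$req['args']);   // calls any public method on it
}

// Hardened shape: a static table is the only route from an RPC name to code.
final class ReportRpc
{
    public function summary(int $year): array
    {
        return ['year' => $year, 'rows' => 0];
    }
}

const RPC_TABLE = [
    // rpc name => [class, method, expected argument types]
    'report.summary' => [ReportRpc::class, 'summary', ['int']],
];

function dispatchSafe(array $req): mixed
{
    $name = (string) ($req['rpc'] ?? '');
    if (!isset(RPC_TABLE[$name])) {
        throw new InvalidArgumentException("unknown rpc: $name");
    }
    [$class, $method, $types] = RPC_TABLE[$name];
    $args = array_values((array) ($req['args'] ?? []));
    if (count($args) !== count($types)) {
        throw new InvalidArgumentException("$name expects " . count($types) . ' argument(s)');
    }
    foreach ($types as $i => $type) {
        if (get_debug_type($args[$i]) !== $type) {    // no juggling: "2020" is not an int
            throw new InvalidArgumentException("$name argument $i must be $type");
        }
    }
    return (new $class())->$method(...$args);
}

// Usage with a decoded JSON body:
//   dispatchSafe(['rpc' => 'report.summary', 'args' => [2020]]) -> ['year' => 2020, 'rows' => 0]
//   dispatchSafe(['rpc' => 'Shell.exec', 'args' => ['id']])     -> InvalidArgumentException
```

The point of the table is that no string from the request ever reaches `require`, `new` or a method call; the request can only select an entry that the developer wrote down, and the argument types are checked with `get_debug_type()` so that `declare(strict_types=1)` is not bypassed by a JSON string where an int is expected.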

CVE-2023-32073: Authenticated Remote Code Execution fix · WWBN/AVideo@1df4af0

WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows remote code execution when the CloneSite plugin is in use. This is a bypass of the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3.

CVE-2020-13377: Path traversal in Enterprise loadbalancer VA MAX - v8.3.8 and earlier

The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files.

CVE-2023-29983: CompanyMaps 8.0 Cross Site Scripting ≈ Packet Storm

A cross site scripting vulnerability in Maximilian Vogt cmaps (CompanyMaps) v8.0 allows a remote attacker to inject arbitrary web script via the auditlog tab in the admin panel.

CVE-2023-29657: eXtplorer 2.1.15 – Arbitrary File Upload – Tristão Marinho

eXtplorer 2.1.15 is vulnerable to insecure permissions: the file manager's upload function accepts a zip archive containing PHP files, which once extracted allow arbitrary code execution.
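
The three file-manager items above (the Millhouse-Project shell upload, the Loadbalancer.org directory traversal and the eXtplorer zip upload) are all missing the same set of checks. As an added example, not code from any of those projects, here is an upload handler that enforces them: a name policy that refuses anything the web server might execute or interpret, inspection of zip members before extraction, and `realpath()` containment of the destination. `UPLOAD_DIR`, the extension lists and the function names are assumptions; the directory is assumed to exist and to be served without a PHP handler.

```php
<?php
declare(strict_types=1);

// Hypothetical file-manager upload hardening; not Millhouse-Project,
// eXtplorer or Loadbalancer.org code. Assumes UPLOAD_DIR exists and is served
// with PHP execution disabled for that path.

const UPLOAD_DIR   = '/var/app/uploads';
const ALLOWED_EXT  = ['png', 'jpg', 'jpeg', 'gif', 'pdf', 'txt', 'csv', 'zip'];
// Extensions a typical PHP/Apache setup may hand to the interpreter.
const EXEC_EXT     = ['php', 'php3', 'php4', 'php5', 'php7', 'php8', 'phtml', 'phar', 'phps', 'pht', 'inc'];
// Files that change server behaviour if they land inside a served directory.
const CONFIG_FILES = ['.htaccess', '.user.ini', 'web.config'];

// True if any dotted segment after the base name is executable:
// "x.php", "shell.php.jpg" and "cmd.phtml" fail; "a.tar.gz" passes.
function hasExecutableExtension(string $name): bool
{
    $parts = explode('.', strtolower(basename($name)));
    array_shift($parts);
    foreach ($parts as $segment) {
        if (in_array($segment, EXEC_EXT, true)) {
            return true;
        }
    }
    return false;
}

// Name policy for one stored file or archive member (not a directory).
function isAllowedFileName(string $name): bool
{
    $base = basename($name);
    if ($base === '' || $base[0] === '.' || in_array(strtolower($base), CONFIG_FILES, true)) {
        return false;
    }
    if (hasExecutableExtension($base)) {
        return false;
    }
    return in_array(strtolower(pathinfo($base, PATHINFO_EXTENSION)), ALLOWED_EXT, true);
}

// Inspect every member before extracting; returns the offending entry names.
// Catches both "a zip full of PHP" and zip-slip style path escapes.
function unsafeZipEntries(string $zipPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        throw new RuntimeException("cannot open archive: $zipPath");
    }
    $bad = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $entry = $zip->getNameIndex($i);
        if ($entry === false) {
            continue;
        }
        $isDir = str_ends_with($entry, '/');
        if (str_starts_with($entry, '/') || str_contains($entry, '..') || str_contains($entry, '\\')) {
            $bad[] = $entry;                 // absolute path or traversal component
        } elseif (!$isDir && !isAllowedFileName($entry)) {
            $bad[] = $entry;                 // would become a web shell or a config override
        }
    }
    $zip->close();
    return $bad;
}

// Resolve a user-supplied relative path and refuse anything outside $root:
// the check whose absence gives a directory-traversal bug.
function resolveInside(string $root, string $relative): string
{
    $rootReal = realpath($root);
    if ($rootReal === false) {
        throw new RuntimeException("upload root missing: $root");
    }
    $candidate = $rootReal . '/' . ltrim($relative, '/');
    $dirReal   = realpath(dirname($candidate));   // collapses ".." and symlinks
    if ($dirReal === false || !str_starts_with($dirReal . '/', $rootReal . '/')) {
        throw new RuntimeException("path escapes upload root: $relative");
    }
    return $dirReal . '/' . basename($candidate);
}

// Store a $_FILES entry under a random server-chosen name; the client-supplied
// name is used only to derive (and validate) the extension, never on disk.
function storeUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('no valid upload');
    }
    if (!isAllowedFileName($file['name'])) {
        throw new RuntimeException('file type not allowed: ' . $file['name']);
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if ($ext === 'zip' && ($bad = unsafeZipEntries($file['tmp_name'])) !== []) {
        throw new RuntimeException('archive contains unsafe entries: ' . implode(', ', $bad));
    }
    $dest = resolveInside(UPLOAD_DIR, bin2hex(random_bytes(16)) . '.' . $ext);
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('move failed');
    }
    return $dest;
}
```

Two points worth keeping in mind when adapting this: the extension check is deliberately applied to every dotted segment, because some Apache `AddHandler` configurations execute `shell.php.jpg`, and the rejection of `.htaccess` and `.user.ini` matters because either can re-enable PHP in a directory where you had disabled it. A content check with `finfo_file()` on the temporary file is a sensible additional gate, and the real defence for stored files remains the web server never executing anything under `UPLOAD_DIR`.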

CVE-2023-27238: cms/ResourceController.php at c0a36dd748c8f7ff53eb16eb572bdeebe72eb420 · LavaLite/cms

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.

CVE-2023-2678

A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /file_manager/admin/save_user.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228892.

CVE-2023-2677: cve/SQL.md at main · BacteriaJun/cve

A vulnerability, which was classified as critical, was found in SourceCodester Covid-19 Contact Tracing System 1.0. This affects an unknown part of the file admin/establishment/manage.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228891.

CVE-2023-2671

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228887.
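
The three SourceCodester entries above are the two most common PHP input-handling bugs: a request parameter (`id`) concatenated into SQL, and request parameters (`firstname`, `fullname`, `contact`, `message`) echoed into HTML unencoded. As an added example that is not SourceCodester code, here are both shapes next to their fixed forms, run against an in-memory SQLite database so the difference is observable; the table, column and function names are assumptions.

```php
<?php
declare(strict_types=1);

// Added example for the manage.php?id= and save_user.php firstname patterns;
// not SourceCodester code. Table/column names are assumptions, and an in-memory
// SQLite database stands in for the application's MySQL instance.

// Vulnerable shape: the query is assembled by string interpolation.
function findEstablishmentVulnerable(PDO $db, string $id): array
{
    $sql = "SELECT id, name FROM establishment WHERE id = '$id'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened shape: validate the type, then bind; the value can never become SQL.
function findEstablishment(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, name FROM establishment WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding for HTML body and attribute context. The vulnerable form of
// a save_user.php-style page simply interpolates $firstname into the markup.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderUserRow(string $firstname, string $lastname): string
{
    return '<tr><td>' . e($firstname) . '</td><td>' . e($lastname) . '</td></tr>';
}

function demo(): void
{
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE establishment (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $db->exec("INSERT INTO establishment (id, name) VALUES (1, 'Clinic A'), (2, 'Clinic B')");

    $payload = "2' OR '1'='1";
    // Vulnerable: the predicate becomes  id = '2' OR '1'='1'  and every row comes back.
    assert(count(findEstablishmentVulnerable($db, $payload)) === 2);
    // Hardened: the same payload is rejected before it reaches the database.
    try {
        findEstablishment($db, $payload);
        assert(false, 'payload should have been rejected');
    } catch (InvalidArgumentException $ex) {
    }
    assert(findEstablishment($db, '2')[0]['name'] === 'Clinic B');

    // XSS: the injected tag is rendered as text, not parsed as markup.
    $row = renderUserRow('<script>alert(1)</script>', 'Smith');
    assert(str_contains($row, '&lt;script&gt;') && !str_contains($row, '<script>'));
}

demo();
```

When porting the query half to MySQL, also set `PDO::ATTR_EMULATE_PREPARES => false` so the parameter is sent separately from the statement rather than quoted client-side, and keep `ctype_digit()` (or a cast) as the first line of defence for numeric identifiers. The encoding half only covers HTML text and attribute context; a value placed inside a `<script>` block or a URL needs context-specific encoding instead.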