An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper val
GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker can craft a malicious
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to
An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3
A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation leads to cross-site request
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary
Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers
GetSimpleCMS Community Edition (CE) versions prior to 3.3.22 (3.3.16 tested) contains a stored cross-site scripting (XSS) vulnerability in the Theme to Components functionality within components.php.
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing conten
An authenticated remote code execution vulnerability exists in Piwik (now Matomo) versions prior to 3.0.3 via the plugin upload mechanism. In vulnerable versions, an authenticated user with Superuser
A Remote Code Execution vulnerability was found in CODEASTRO Membership Management System v1.0 in /add_members.php. This vulnerability affects the file upload functionality, where improper file saniti
PhreeBooks 5.2.3 contains an authenticated file upload vulnerability in the Image Manager that allows remote code execution. Attackers can upload a malicious PHP web shell by exploiting unrestricted f
An attacker could exploit this vulnerability by uploading arbitrary
files via the a specific endpoint, leading to unauthorized remote code
execution or system compromise.
An unauthenticated file upload vulnerability exists in the Fanwei E-Office <= v9.4 web management interface. The vulnerability affects the /general/index/UploadFile.php endpoint, which improperly vali
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension vali
A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads
e107 CMS version 3.2.1 contains a file upload vulnerability that allows authenticated administrative users to bypass upload restrictions and execute PHP files. Attackers can upload malicious PHP files
WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attacke
Page 1+ Next →