vBulletin versions 5.5.2 and below suffers from an issue where user input passed through the "messageids" request parameter to /ajax/api/vb4_private/movepm is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope, allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.
642eb80065f04eaf2d94765043c9d033ac86f7e4e3dda966ce90660dd7167e15Joomla! versions 4.1.0 and below suffer from path traversal and file overwrite vulnerabilities due to misplaced trust in the handling of compressed archives.
3659bb2a193b54ec58750cfb109d9f00cfd739f7828d6a6d4fdff0e0ff2be911ImpressCMS versions 1.4.2 and below pre-authentication SQL injection to remote code execution exploit. User input passed through the "groups" POST parameter to the /include/findusers.php script is not properly sanitized before being passed to the icms_member_Handler::getUserCountByGroupLink() and icms_member_Handler::getUsersByGroupLink() methods. These methods use the first argument to construct a SQL query without proper validation, and this can be exploited by remote attackers to e.g. read sensitive data from the "users" database table through boolean-based SQL Injection attacks. The application uses PDO as a database driver, which allows for stacked SQL queries, as such this vulnerability could be exploited to e.g. create a new admin user and execute arbitrary PHP code.
576e64698cc9d7062dccead415b9bdbbe2c02e4ae86258cd980164b5e56355ccImpressCMS versions 1.4.3 and below suffer from a remote SQL injection vulnerability.
fb068f3b5b726ef7f6497f8040c8f0b94fc6749a1851c9e7f05fdbae0ca41fa0ImpressCMS versions 1.4.2 and below suffer from an incorrect access control vulnerability.
4b55169e7ddd7a9da312a1bb940bbd4357b7a28a5e228523903848b5c2e04d5fImpressCMS versions 1.4.2 and below suffer from a path traversal vulnerability that can allow for arbitrary file deletion.
54cb7c2588875cdae13b83017043e25037564efb357fe49a475251f02139a0d4ImpressCMS versions 1.4.2 and below suffer from an authentication bypass vulnerability.
d8dfe7df740ddc2041569cf9735ee4180779ccae9c55e66d12ed7119dce09379Concrete5 versions 8.5.5 suffer from a logging settings phar deserialization vulnerability. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() function at line 91. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. Successful exploitation of this vulnerability requires an administrator account.
4737c6d7d22010e52296503aaa366abc55f04d975b7b1fd092c8c80e1a164e8aIPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows to pass arbitrary content to the IPS\_Theme::runProcessFunction() method, which will be used in a call to the eval() PHP function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and the "cms" application to be enabled.
392b40ad40c330e4deb04c99f4ff988666d96d0c4e3c606a17ec99241047911aExpressionEngine versions 6.0.2 and below suffer from a Translate::save PHP code injection vulnerability.
194597ced97a35c6d247729d6a66efa739186e83e8e19c865571433ee7b78ee3docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680.
660d129dcc87aa67615bb840ba7c6f92bff103f112e67bbd1690a0f2d2193057IPS Community Suite versions 4.5.4 and below suffer from a remote SQL injection vulnerability in the Downloads REST API.
91f17358440b97a2cdf9126200c78d2bfdc16a8200647806ddf3ac379ef0d629qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.
b112518046e2d985fa9df4e1d428c12274ab5e4bf070ee7383978e0a73695f45SugarCRM versions prior to 10.1.10 suffer from a remote SQL injection vulnerability.
dcd6f8e1b431c4d591d3fca6cf750508720c3bcb8fd317bf29a73f62c5ce15b8SugarCRM versions prior to 10.1.10 suffer from multiple cross site scripting vulnerabilities.
3b4dd8343f28746f3b059b1453af1a6567db0f415690776d8a7b2d7da1d2f3d9This Metasploit module exploits multiple vulnerabilities in openSIS 7.4 and prior versions which could be abused by unauthenticated attackers to execute arbitrary PHP code with the permissions of the webserver. The exploit chain abuses an incorrect access control issue which allows access to scripts which should require the user to be authenticated, and a local file inclusion to reach a SQL injection vulnerability which results in execution of arbitrary PHP code due to an unsafe use of the eval() function.
942c0ce311ce709dd7c1790955789b1f88040cee422935d166bdf0e150147703openSIS versions 7.4 and below suffer from multiple remote SQL injection vulnerabilities.
400d9b74c5924b238ccb88c1968e13b4640183baf55f44521ab902c275f4c1d9openSIS versions 7.4 and below suffer from a local file inclusion vulnerability.
e7161d7a2b2b5f3b74f9ce9373cde1c623bb264344142c67862680b20c2bfee5openSIS versions 7.4 and below suffer from an access bypass vulnerability.
de18d17ff15947139e2907c1c51bf51af6d549555d04403c26002b9a0c85a3afSuiteCRM versions 7.11.10 and below suffer from multiple remote SQL injection vulnerabilities.
6d0664ee294d9c0e355362341a51a1fb0526746a2bbe5d841ef37520620739c4SuiteCRM versions 7.11.11 and below suffer from an add_to_prospect_list broken access control that allows for local file inclusion attacks.
bf17496e890701853063b6c0ff76d7e4c10126a589c0ff3f257def2dcf623ee6SuiteCRM versions 7.11.11 and below suffer from an action_saveHTMLField bean manipulation vulnerability.
2180571bb1e2260ae7306d067b16cfbedbc9933b8f3852afefaabda12b8e98f8SuiteCRM versions 7.11.11 and below suffer from multiple phar deserialization vulnerabilities.
6635b4d98132797e97d5f7beb1446ac64f1d1b045f58dd11a4416288eebcbc03SuiteCRM versions 7.11.11 and below suffer from a second-order php object injection vulnerability.
0b39b583ac4c6a3f164f129018fb829ea101106ca187de455b16329ca19a3403YouPHPTube versions 7.7 and below suffer from a remote SQL injection vulnerability in getChat.json.php.
5d71aceec19133413eee8c6f4b44fc22997703a0b913eb7cb5f88539b50f03f1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed