phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.
ee85170a47f6253886312ffd969da7bc6af218c972178b1c78103cec1ae79a03SugarCRM versions 13.0.1 and below suffer from a remote shell upload vulnerability in the set_note_attachment SOAP call.
f051a516487d8fd4a224aa9c883a0ab530f400da930805694f2f73cbeae5a487SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code.
482a650864ca894b028d96d1341d94b0fd22a59191625c172302fe115ad4deb5CrafterCMS versions 4.0.2 and below suffer from multiple cross site scripting vulnerabilities.
4048cc73ca79593508defbbf3c0df5f379960818368d8961aa031904ca5e521eSugarCRM versions 12.2.0 and below suffer from multiple remote SQL injection vulnerabilities.
7ac3dd76029909e92ecbb32df56339dca3e9412efcdf8b96b27046af6d4ffb09SugarCRM versions 12.2.0 and below suffer from a PHP object injection vulnerability.
32f7ef69ef5791e90290f62780a766a77c6238a01e2c71417b234a5b64db910cSugarCRM versions 12.2.0 suffer from a bean manipulation vulnerability that can allow for privilege escalation.
1078818f691b65f6434800472b38689394026e833cc221fb0566161b653d1103SugarCRM versions 12.2.0 and below suffers from a multiple step remote shell upload vulnerability.
6bee957dcfc710f3709d5cc3ba3aa33ecb6f07d987d6836c2df36e2f2011c8a8Tiki Wiki CMS Groupware versions 24.1 and below suffer from a PHP object injection vulnerability in tikiimporter_blog_wordpress.php.
1b6698ff49dd75e5444eb0fdffd03d9806fd9c813b8e9255172cc30fc8eee07cTiki Wiki CMS Groupware versions 24.0 and below suffers from a PHP object injection vulnerability in grid.php.
2ec6d4c5f2c778a5cba091671d5430e465c12ac9843c5cd81c7a60ef025d78c5Tiki Wiki CMS Groupware versions 24.0 and below suffer from a PHP code injection vulnerability in structlib.php.
78cc87727c56dfa65396d9be9770b8f57ca776f333384898c9697700f5975390Tiki Wiki CMS Groupware versions 25.0 and below suffer from multiple cross site request forgery vulnerabilities.
e6e385bd593b19e51fd23dc7a81743ae9a7caac91f486e077758222133af8248Drupal H5P Module versions 2.0.0 and below suffer from a traversal vulnerability when handling a zipped filename on windows.
29cd61d23f4b78dbb93cdc479cba570c70b094e72db31910170d0c3eb73d58f8vBulletin versions 5.5.2 and below suffers from an issue where user input passed through the "messageids" request parameter to /ajax/api/vb4_private/movepm is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope, allowing them to carry out a variety of attacks, such as executing arbitrary PHP code.
642eb80065f04eaf2d94765043c9d033ac86f7e4e3dda966ce90660dd7167e15Joomla! versions 4.1.0 and below suffer from path traversal and file overwrite vulnerabilities due to misplaced trust in the handling of compressed archives.
3659bb2a193b54ec58750cfb109d9f00cfd739f7828d6a6d4fdff0e0ff2be911ImpressCMS versions 1.4.2 and below pre-authentication SQL injection to remote code execution exploit. User input passed through the "groups" POST parameter to the /include/findusers.php script is not properly sanitized before being passed to the icms_member_Handler::getUserCountByGroupLink() and icms_member_Handler::getUsersByGroupLink() methods. These methods use the first argument to construct a SQL query without proper validation, and this can be exploited by remote attackers to e.g. read sensitive data from the "users" database table through boolean-based SQL Injection attacks. The application uses PDO as a database driver, which allows for stacked SQL queries, as such this vulnerability could be exploited to e.g. create a new admin user and execute arbitrary PHP code.
576e64698cc9d7062dccead415b9bdbbe2c02e4ae86258cd980164b5e56355ccImpressCMS versions 1.4.3 and below suffer from a remote SQL injection vulnerability.
fb068f3b5b726ef7f6497f8040c8f0b94fc6749a1851c9e7f05fdbae0ca41fa0ImpressCMS versions 1.4.2 and below suffer from an incorrect access control vulnerability.
4b55169e7ddd7a9da312a1bb940bbd4357b7a28a5e228523903848b5c2e04d5fImpressCMS versions 1.4.2 and below suffer from a path traversal vulnerability that can allow for arbitrary file deletion.
54cb7c2588875cdae13b83017043e25037564efb357fe49a475251f02139a0d4ImpressCMS versions 1.4.2 and below suffer from an authentication bypass vulnerability.
d8dfe7df740ddc2041569cf9735ee4180779ccae9c55e66d12ed7119dce09379Concrete5 versions 8.5.5 suffer from a logging settings phar deserialization vulnerability. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() function at line 91. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. Successful exploitation of this vulnerability requires an administrator account.
4737c6d7d22010e52296503aaa366abc55f04d975b7b1fd092c8c80e1a164e8aIPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows to pass arbitrary content to the IPS\_Theme::runProcessFunction() method, which will be used in a call to the eval() PHP function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and the "cms" application to be enabled.
392b40ad40c330e4deb04c99f4ff988666d96d0c4e3c606a17ec99241047911aExpressionEngine versions 6.0.2 and below suffer from a Translate::save PHP code injection vulnerability.
194597ced97a35c6d247729d6a66efa739186e83e8e19c865571433ee7b78ee3docsify versions 4.11.6 and below suffer from a cross site scripting vulnerability. This vulnerability exists due to an incomplete fix for CVE-2020-7680.
660d129dcc87aa67615bb840ba7c6f92bff103f112e67bbd1690a0f2d2193057IPS Community Suite versions 4.5.4 and below suffer from a remote SQL injection vulnerability in the Downloads REST API.
91f17358440b97a2cdf9126200c78d2bfdc16a8200647806ddf3ac379ef0d629
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed