vBulletin versions 5.5.4 and below suffers from an updateAvatar remote code execution vulnerability.
b1df69e722fa4cad5f1ccc76b0fc3406b89ae033513d809855bd2220ee861825
vBulletin versions 5.5.4 and below suffer from multiple remote SQL injection vulnerabilities.
742a27bb143fc517db0186097206a40eff166313f5c0f0b58106301ddbc20309
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a path traversal vulnerability. User input passed through the "webhook_target_module" parameter is not properly sanitized before being used to save PHP code into the hooks file through the Web Logic Hooks module. This can be exploited to carry out path traversal attacks and e.g. create arbitrary directories. Successful exploitation of this vulnerability requires admin privileges.
f1a4888bc04dd7c2329d4b9e63f5dcf70134ff7d0aa19f7a98b29b2dbe0338e8
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through the "trigger_event" parameter is not properly sanitized before being used to save PHP code into the 'logic_hooks.php' file through the Web Logic Hooks module. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
373176d58b363fff344849e511f806e60ec800f851a6195367e4b5a93418a783
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'labels_' parameters is not properly sanitized before being used to save PHP code within the "ParserLabel::addLabels()" method when saving labels through the Module Builder. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
c7c33095fa6c3f0a02f90d6e98e9f06032661b1137f050544d06cb8446b39c1f
Oracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the "__externalobjid" GET parameter is not properly sanitized before being passed to the "ExternalInterface.call" method.
fb135bb3e65032ece683796f6d00e171ccf703a496743031b7e8f5ac177dc40c
SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a PHP code injection vulnerability in the WorkFlow module. User input passed through the $_POST['base_module'] parameter to the "Save" action of the WorkFlow module is not properly sanitized before being used to write data into the 'workflow.php' file. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
c37dd37284e402ffed48fdd303aebe476fab7cb38a313fcbc305fbb02e290129
SugarCRM versions prior to 7.9.5.0, 8.0.2, and 8.2.0 suffer from a PHP code injection vulnerability. User input passed through key values of the 'list_value' JSON parameter is not properly sanitized before being used to save PHP code when adding/saving dropdowns through the Module Builder. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires admin privileges.
980f9782786995d737ba7fd626d920010296ea4761e79aa483a82b1fe1b912d2
SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a remote SQL injection vulnerability. The vulnerability is located within the SOAP API, specifically into the "portal_get_related_notes()" SOAP function. User input passed through the "order_by" parameter is not properly sanitized before being used to construct an "ORDER BY" clause of a SQL query from within the "get_notes_in_contacts()" or "get_notes_in_module()" functions. This can be exploited by Portal API Users to e.g. read sensitive data from the database through time-based SQL injection attacks.
8fd642b16f76870fd97e2aa38a1554554e8446dff1fee107a4b11985cc94644a
SugarCRM versions prior to 7.9.4.0 and 7.11.0.0 suffer from a server-side request forgery vulnerability. The vulnerability is located within the "ConnectorsController::action_CallRest()" method. User input passed through the "url" request parameter is not properly sanitized before being used in a call to the "file_get_contents" function.
73aea30f776890ef273c97076bc4e307c41eba6a7c8994f2355b433e4f8daccc
Mantis versions 1.1.3 and earlier are vulnerable to a post-authentication remote code execution vulnerability in the sort parameter of the manage_proj_page.php page.
bf6d1e2f1321eacf2214a3400a3201acd1c33bb08ba4cb9b45cfa3ee93eefbeb
This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap <= 9.6 which could be abused by authenticated users to execute arbitrary PHP code with the permissions of the webserver. The vulnerability exists because of the User::getRecentElements() method is using the unserialize() function with data that can be arbitrarily manipulated by a user through the REST API interface. The exploit's POP chain abuses the __toString() method from the Mustache class to reach a call to eval() in the Transition_PostActionSubFactory::fetchPostActions() method.
b7ed3767d2e556f3c32b4d333b7a61ed02e66ba71ca064fedea6edb456ce4664
Tuleap versions 9.6 and below suffer from a second order PHP object injection vulnerability.
614615fd533a9914f7dae0fc5c046315ec0b6c9faa00541179463892e627fd24
PEAR HTML_AJAX versions 0.5.7 and below suffer from a PHP object injection vulnerability.
a877061f0b6d62d2472442db37c2d5befc021bed71668051a5dc42fa2dc94d4e
Piwik version 2.16.0 and below suffer from a saveLayout PHP object injection vulnerability.
dcdc3544bfe63cc9a6b25f372b4bc6e23956e5ffd828ff6d48ff75fb585630b0
Symantec Web Gateway versions 5.2.2 and below suffer from an OS command injection vulnerability in new_whitelist.php.
cdd7d3fa2ce47af05afd30d9d1babc8da234a3d22e201c7e7cdf0cff0bfcaed3
This Metasploit module exploits a PHP Object Injection vulnerability in SugarCRM CE <= 6.5.23 which could be abused to allow unauthenticated users to execute arbitrary PHP code with the permissions of the webserver. The dangerous unserialize() call exists in the '/service/core/REST/SugarRestSerialize.php' script. The exploit abuses the __destruct() method from the SugarCacheFile class to write arbitrary PHP code into the /custom directory.
9e36d98fcf465cbf54f3819f007d52be4777e317af00ae46dda8f382c44d0c0c
IPS Community Suite versions 4.1.12.3 and below suffer from a remote PHP code injection vulnerability.
07d34c8cc41959e3fc58495e9c36c8046479cb6ce919a0514491dabfe2561b46
Concrete5 versions 5.7.3.1 and below suffer from a local file inclusion vulnerability.
616ea7b3f7f6993c3c30d60eb69b780ea3e5f8f3d92361e6075cb57b7e9dbbdb
Concrete5 versions 5.7.3.1 and below suffer from multiple persistent cross site scripting vulnerabilities.
9b6d1d19af3879b7eef3ddc8135c623b1cdf6ce2e8e040cf285212c36278ddf2
Concrete5 versions 5.7.3.1 and below suffer from multiple cross site request forgery vulnerabilities.
baf7f093a6b164bb4963ba1136f5cebe78f38d52676c96cbadced44aa534cacd
SugarCRM versions 6.5.23 and below suffer from a PHP object injection vulnerability.
1a98da7144e660a3accb44aab022cd43453f7c51263930ef13a00ccd4a03cb51
SugarCRM versions 6.5.18 and below suffer from a MySugar::addDashlet insecure fopen() usage that can lead to command injection, cross site scripting, and server-side request forgery exploitation.
b5ea2947c8c691e63cd8b15a2ad9c1ce3e6371ed8f9cad785fad1655ff9e56d0
SugarCRM versions 6.5.18 and below suffer from two PHP code injection vulnerabilities.
dd7c80c6120e1805c1954e5087e5f215c67a081881bc8f20fcaa86bfed40b75e
SugarCRM versions 6.5.18 and below suffer from a missing authorization check vulnerability.
b0d6c09a780b84f51c2d8a829a8cad6ddf0b80bf8cd8641bb49a73cc3e3ff170