Islam CMS version 1.0 suffers from a remote PHP code injection vulnerability.
39b07aef1fa1c0862a22398b5f20aabeb8f16190e023159d1c613e4cc63eef60
Ubuntu Security Notice 6305-1 - It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information. It was discovered that PHP incorrectly handled certain PHAR files. An attacker could possibly use this issue to cause a crash, expose sensitive information or execute arbitrary code.
1dc8c3dad3030fd034169b595c1d037465ec0558c0e070e9e64ad1aef797927d
This Metasploit module exploits an unauthenticated remote command execution vulnerability that affects Chamilo versions 1.11.18 and below. Due to a functionality called Chamilo Rapid to easily convert PowerPoint slides to courses on Chamilo, it is possible for an unauthenticated remote attacker to execute arbitrary commands at the OS level using a malicious SOAP request at the vulnerable endpoint /main/webservices/additional_webservices.php.
9eddd6c9a39fb97ca77aeebd1ec713969953ce2f89e609c528b4a46ca5ec152d
SugarCRM versions 12.2.0 and below suffer from a PHP object injection vulnerability.
32f7ef69ef5791e90290f62780a766a77c6238a01e2c71417b234a5b64db910c
RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running RaspAP via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. Successfully tested against RaspAP 2.8.0 and 2.8.7.
abc5a8577c76d38277377259204d36eaaa8e98293d1ed4d1030fb74de2c622f0
DigaSell Digital Store PHP Script version 1.0.0 suffers from a cross site scripting vulnerability.
f72dfd55d23408ab5429974dee598db6c2f5f4c1ad279051decdd75964ab240b
Discussion On Kontackt The Exclusive PHP Social Network Platform version 1.18 suffers from a cross site scripting vulnerability.
7d18de8acfc063f172113a27af33ebbcf209b0dcb3d43c8ec163f7ff1adefc84
DigaSell Digital Store PHP Script version 1.0.0 suffers from a remote blind SQL injection vulnerability.
8729994d50fb2282a91511c1471e529be3acfb58262a0d60949d1b29f6c5d7a6
Chatone Social Networking PHP Script version 1.6 suffers from an add administrator vulnerability.
aa549a9947a1342ad9aeff37c9e15f1e470ba8802ce29b603d258f911541cf20
This Metasploit module exploits authentication bypass (CVE-2018-17153) and command injection (CVE-2016-10108) vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyCloud. If so, it attempts to trigger an authentication bypass (CVE-2018-17153) via a crafted GET request to /cgi-bin/network_mgr.cgi. If the server responds as expected, the module assesses the vulnerability status by attempting to exploit a commend injection vulnerability (CVE-2016-10108) in order to print a random string via the echo command. This is done via a crafted POST request to /web/google_analytics.php. If the server is vulnerable, the same command injection vector is leveraged to execute the payload. This module has been successfully tested against Western Digital MyCloud version 2.30.183.
0ce2f1497429d5e02113422d33a5d38d119e0b68b4af0aa04d5b4189b6ef07f8
Availability Booking Calendar PHP suffers from cross site scripting and arbitrary file upload vulnerabilities. This was tested in July of 2023 but it is unclear what versions are affected.
e67ac34384ab2be0d18a5bd94e4c7187126859aaf2b755a195aa0c55fd5cf914
WordPress File Manager Advanced Shortcode plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to remote code execution in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users, but it also works in an authenticated configuration. Versions 2.3.2 and below are affected. To install the Shortcode plugin File Manager Advanced version 5.0.5 or lower is required to keep the configuration vulnerable. Any user privileges can exploit this vulnerability which results in access to the underlying operating system with the same privileges under which the Wordpress web services run.
70276f13c7da05f57a272fbb51cb03ce6c129189c7bb524b4612cc20be063403
Bazaar Social Listing Shopping Web PHP Template version 2.3.2 suffers from a cross site scripting vulnerability.
c6e4d11aa955cb2bed6d76defb35557734149c0312ced065d9b37014584f212f
Bazaar Social Listing Shopping Web PHP Template version 2.3.2 suffers from a privilege escalation vulnerability.
f5312fef20d54f675129250c93dbc79ad8b831731e0ba613b47a3771260a63cd
Super Store Finder PHP Script versions 3.6 and below suffer from a remote SQL injection vulnerability that allows for authentication bypass.
626e9249014429e44e6f78886ff283f9591b5337313b41d8bca85c6684a00018
Ubuntu Security Notice 6199-1 - It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.
f900e85ecda5d4b00c19b39d7bf754425099337a6a82556ace53811d967446d9
Advanced PHP URL Shortener version 1.0 suffers from a cross site scripting vulnerability.
4e1d8e53e5314398ff0dd35afa47391639eddbece2db8c996181a7b27a46577e
PHP Online School version 1.0 suffers from a cross site scripting vulnerability.
f03972c1e09a9186ceda63b51379c7322f797984280b34e747cead9ca8483d0d
PHP Mail version 5.0 suffers from a cross site scripting vulnerability.
ab9cccf88065d059ab46972fbfac65d69ffa30754d5ac7563f151812c102ac6b
PHP Car Dealer version 3.0 suffers from a cross site scripting vulnerability.
5d7cda295322273a07765d0e26863912ad7bb4ef36801e228c39142c37806ef6
NetArt Media PHP Hotel Site version 2.0 suffers from a cross site scripting vulnerability.
84124ff16f949e9ab005d3b5c316da611c20f345e4bf826893ebfce6f62c376a
This Metasploit module exploits an unauthenticated command injection vulnerability in /controller/ping.php in Symmetricom SyncServer. The S100 through S350 (End of Life) models should be vulnerable to unauthenticated exploitation due to a session handling vulnerability.
9228aebd2b8cb829828420734c809d84e0b8b72d483a6286436970baa02fbb09
This Metasploit module exploits an unauthenticated remote code execution vulnerability in TerraMaster TOS versions 4.2.29 and below by chaining two existing vulnerabilities, CVE-2022-24990 "Leaking sensitive information" and CVE-2022-24989, "Authenticated remote code execution". Exploiting vulnerable endpoint api.php?mobile/webNasIPS leaking sensitive information such as admin password hash and mac address, the attacker can achieve unauthenticated access and use another vulnerable endpoint api.php?mobile/createRaid with POST parameters raidtype and diskstring to execute remote code as root on TerraMaster NAS devices.
7e730a3eca39b8e6d103226c6deb4b1c15b54a16ab70d8fb24d2e419a087f25d
Debian Linux Security Advisory 5425-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.
b78ada19cdad18133c1d75e67c6a3d412579cefae51613bdc1305bfaf34bc7be
Debian Linux Security Advisory 5424-1 - It was discovered that PHP's implementation of SOAP HTTP Digest authentication performed insufficient error validation, which may result in a stack information leak or use of weak randomness.
1480d11098e522e1a4cec8195fa739e3296da2ba49c56c9ed78a071d88989612