This Metasploit module exploits an unauthenticated remote code execution vulnerability in the Bricks Builder Theme versions 1.9.6 and below for WordPress. The vulnerability allows attackers to execute arbitrary PHP code by leveraging a nonce leakage to bypass authentication and exploit[…]
Read more...A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and[…]
Read more...Insurance Management System PHP and MySQL version 1.0 suffers from multiple persistent cross site scripting vulnerabilities.
Read more...Debian Linux Security Advisory 5642-1 - Three security issues were discovered in php-svg-lib, a PHP library to read, parse and export to PDF SVG files, which could result in denial of service, restriction bypass or the execution of arbitrary code.
Read more...Gibbon LMS version 26.0.00 suffers from a PHP deserialization vulnerability that allows for authenticated remote code execution.
Read more...Debian Linux Security Advisory 5632-1 - It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical[…]
Read more...MSMS-PHP version 1.0 suffers from a remote shell upload vulnerability.
Read more...MSMS-PHP version 1.0 suffers from a remote SQL injection vulnerability.
Read more...The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected.
Read more...Customer Support System version 1.0 suffers from a remote SQL injection vulnerability in /customer_support/ajax.php. Original discovery of SQL injection in this version is attributed to Ahmed Abbas in November of 2020.
Read more...Ubuntu Security Notice 6671-1 - It was discovered that php-nyholm-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use this issue to perform an HTTP header injection attack.
Read more...Ubuntu Security Notice 6670-1 - It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack.
Read more...This Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php[…]
Read more...Ubuntu Security Notice 6305-2 - USN-6305-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain XML files. An attacker[…]
Read more...This Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script (pollers.php). This is[…]
Read more...This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo() function on the login page of the target device, allowing to inspect the PHP configuration. This script also has the option[…]
Read more...XenForo versions 2.2.13 and below suffer from a zip slip filename traversal vulnerability in ArchiveImport.php.
Read more...Vinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in SystemHandler.class.php.
Read more...Red Hat Security Advisory 2024-0387-03 - An update for the php:8.1 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
Read more...This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint. The exploit makes use of a[…]
Read more...Ubuntu Security Notice 6550-1 - It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code.[…]
Read more...ISPConfig versions 4.2.11 and below suffer from a PHP code injection vulnerability in language_edit.php.
Read more...This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call[…]
Read more...phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited[…]
Read more...SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code.
Read more...