Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2021-3120: GitHub - guy-liu/yith-giftdrop: Exploit for the Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards Premium

An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. In order to exploit this vulnerability, an attacker must be able to place a valid Gift Card product into the shopping cart. An uploaded file is placed at a predetermined path on the web server with a user-specified filename and extension. This occurs because the ywgc-upload-picture parameter can have a .php value even though the intention was to only allow uploads of Gift Card images.

CVE
Open in Source
#vulnerability#web#ios#git#wordpress#php#rce
CVE-2021-26119: smarty/CHANGELOG.md at master · smarty-php/smarty

Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode.

CVE-2021-26120: smarty/CHANGELOG.md at master · smarty-php/smarty

Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.

CVE-2021-26809: Car Rental Project 2.0 Shell Upload ≈ Packet Storm

PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.

CVE-2021-26822: Teachers Record Management System Project using PHP and Mysql- PHPGURUKUL

Teachers Record Management System 1.0 is affected by a SQL injection vulnerability in 'searchteacher' POST parameter in search-teacher.php. This vulnerability can be exploited by a remote unauthenticated attacker to leak sensitive information and perform code execution attacks.

CVE-2021-25298: Nagios - Network, Server and Log Monitoring Software

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.

CVE-2020-7071: FILTER_VALIDATE_URL accepts URLs with invalid userinfo

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.

CVE-2020-13565: TALOS-2020-1178 || Cisco Talos Intelligence Group

An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability.

CVE-2021-27135: security - Re: screen crash processing combining characters

xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence.

CVE-2020-28871: Authorization Bypass and Remote Code Execution in Monitorr 1.7.6 – Lyhins' Lab

Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload.