Total: 3865 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-20988 | 1 Google Forms Project | 1 Google Forms | 2024-08-05 | N/A |
The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation. | ||||
CVE-2018-21023 | 1 Centreon | 1 Centreon Web | 2024-08-05 | 8.8 High |
getStats.php in Centreon Web before 2.8.28 allows authenticated attackers to execute arbitrary code via the ns_id parameter. | ||||
CVE-2018-19463 | 1 Zblogcn | 1 Z-blogphp | 2024-08-05 | N/A |
zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including. No one can run PHP by uploading an image in current version." It also requires authentication. | ||||
CVE-2018-20931 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 70.0.23 allows demo accounts to execute code via the Landing Page (SEC-405). | ||||
CVE-2018-20896 | 1 Cpanel | 1 Cpanel | 2024-08-05 | N/A |
cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394). | ||||
CVE-2018-20772 | 1 Frog Cms Project | 1 Frog Cms | 2024-08-05 | N/A |
Frog CMS 0.9.5 allows PHP code execution via <?php to the admin/?/layout/edit/1 URI. | ||||
CVE-2018-20775 | 1 Frog Cms Project | 1 Frog Cms | 2024-08-05 | N/A |
admin/?/plugin/file_manager in Frog CMS 0.9.5 allows PHP code execution by creating a new .php file containing PHP code, and then visiting this file under the public/ URI. | ||||
CVE-2018-20717 | 1 Prestashop | 1 Prestashop | 2024-08-05 | N/A |
In the orders section of PrestaShop before 1.7.2.5, an attack is possible after gaining access to a target store with a user role with the rights of at least a Salesman or higher privileges. The attacker can then inject arbitrary PHP objects into the process and abuse an object chain in order to gain Remote Code Execution. This occurs because protection against serialized objects looks for a 0: followed by an integer, but does not consider 0:+ followed by an integer. | ||||
CVE-2018-20773 | 1 Frog Cms Project | 1 Frog Cms | 2024-08-05 | N/A |
Frog CMS 0.9.5 allows PHP code execution by visiting admin/?/page/edit/1 and inserting additional <?php lines. | ||||
CVE-2018-20325 | 1 Definitions Project | 1 Definitions | 2024-08-05 | N/A |
There is a vulnerability in the load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary Python commands, resulting in command execution. | ||||
CVE-2018-20300 | 1 Phome | 1 Empirecms | 2024-08-05 | N/A |
Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file. | ||||
CVE-2018-20133 | 1 Ymlref Project | 1 Ymlref | 2024-08-05 | N/A |
ymlref allows code injection. | ||||
CVE-2018-20129 | 1 Dedecms | 1 Dedecms | 2024-08-05 | N/A |
An issue was discovered in DedeCMS V5.7 SP2. uploads/include/dialog/select_images_post.php allows remote attackers to upload and execute arbitrary PHP code via a double extension and a modified ".php" substring, in conjunction with the image/jpeg content type, as demonstrated by the filename=1.jpg.p*hp value. | ||||
CVE-2018-20027 | 1 Lisa-lab | 1 Pylearn2 | 2024-08-05 | N/A |
The yaml_parse.load method in Pylearn2 allows code injection. | ||||
CVE-2018-19595 | 1 Pbootcms | 1 Pbootcms | 2024-08-05 | N/A |
PbootCMS V1.3.1 build 2018-11-14 allows remote attackers to execute arbitrary code via use of "eval" with mixed case, as demonstrated by an index.php/list/5/?current={pboot:if(evAl($_GET[a]))}1{/pboot:if}&a=phpinfo(); URI, because of an incorrect apps\home\controller\ParserController.php parserIfLabel protection mechanism. | ||||
CVE-2018-19520 | 2 Php, Sdcms | 2 Php, Sdcms | 2024-08-05 | N/A |
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management. | ||||
CVE-2018-19404 | 1 Yxcms | 1 Yxcms | 2024-08-05 | N/A |
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. This is related to the onlineinstall and import functions. | ||||
CVE-2018-19053 | 1 Pbootcms | 1 Pbootcms | 2024-08-05 | N/A |
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code. | ||||
CVE-2018-19127 | 1 Phpcms | 1 Phpcms | 2024-08-05 | N/A |
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring. | ||||
CVE-2018-18903 | 1 Vanillaforums | 1 Vanilla | 2024-08-05 | N/A |
Vanilla 2.6.x before 2.6.4 allows remote code execution. |