• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-94

CVE-2018-19196

February 26, 2023 by

An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admincontrolleruploadfile.php restrictions on uploaded file types (jpg, jpeg, bmp, png, gif), as demonstrated by an admin/index.php?c=uploadfile&a=uploadify_upload&type=php URI.

CVE-2018-19220

February 26, 2023 by

An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI.

CVE-2018-19180

February 26, 2023 by

statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php.

CVE-2018-19127

February 26, 2023 by

A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a “<?php function " substring.

CVE-2018-19053

February 26, 2023 by

PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a “SET GLOBAL general_log_file” statement, followed by a SELECT statement containing this PHP code.

CVE-2018-19002

February 26, 2023 by

LCDS Laquis SCADA prior to version 4.1.0.4150 allows improper control of generation of code when opening a specially crafted project file, which may allow remote code execution, data exfiltration, or cause a system crash.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 124
  • Go to page 125
  • Go to page 126
  • Go to page 127
  • Go to page 128
  • Interim pages omitted …
  • Go to page 225
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE