• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-94

CVE-2018-17134

February 26, 2023 by

admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.

CVE-2018-17030

February 26, 2023 by

BigTree CMS 4.2.23 allows remote authenticated users, if possessing privileges to set hooks, to execute arbitrary code via /core/admin/auto-modules/forms/process.php.

CVE-2018-17036

February 26, 2023 by

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.

CVE-2018-16975

February 26, 2023 by

An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in apps/designer/handlers/csspreview.php.

CVE-2018-16771

February 26, 2023 by

Hoosk v1.7.0 allows PHP code execution via a SiteUrl that is provided during installation and mishandled in config.php.

CVE-2018-16604

February 26, 2023 by

An issue was discovered in Nibbleblog v4.0.5. With an admin’s username and password, an attacker can execute arbitrary PHP code by changing the username because the username is surrounded by double quotes (e.g., “${phpinfo()}”).

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 129
  • Go to page 130
  • Go to page 131
  • Go to page 132
  • Go to page 133
  • Interim pages omitted …
  • Go to page 225
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE