• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-94

CVE-2018-10515

February 26, 2023 by

In CMS Made Simple (CMSMS) through 2.2.7, the “file unpack” operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive.

CVE-2018-10517

February 26, 2023 by

In CMS Made Simple (CMSMS) through 2.2.7, the “module import” operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element.

CVE-2018-10429

February 26, 2023 by

Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the Database Prefix field on the Database Info screen of install.php.

CVE-2018-1028

February 26, 2023 by

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka “Microsoft Office Graphics Remote Code Execution Vulnerability.” This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.

CVE-2018-10235

February 26, 2023 by

POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via the diymodulemembercontrollersadminSetting.php ‘index’ function because an attacker can control the value of $cache[‘setting’][‘ucssocfg’] in diymodulemembermodelsMember_model.php and write this code into the api/ucsso/config.php file.

CVE-2018-10236

February 26, 2023 by

POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via the diydayruicontrollersadminSyscontroller.php ‘add’ function because an attacker can control the value of $data[‘name’] with no restrictions, and this value is written to the FCPATH.$file file.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 135
  • Go to page 136
  • Go to page 137
  • Go to page 138
  • Go to page 139
  • Interim pages omitted …
  • Go to page 225
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE