• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-94

CVE-2019-15873

February 26, 2023 by

The profilegrid-user-profiles-groups-and-communities plugin before 2.8.6 for WordPress has remote code execution via an wp-admin/admin-ajax.php request with the action=pm_template_preview&html=<?php substring followed by PHP code.

CVE-2019-15746

February 26, 2023 by

SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user.

CVE-2019-1577

February 26, 2023 by

Code injection vulnerability in Palo Alto Networks Traps 5.0.5 and earlier may allow an authenticated attacker to inject arbitrary JavaScript or HTML.

CVE-2019-15642

February 26, 2023 by

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states “RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.”

CVE-2019-15647

February 26, 2023 by

The groundhogg plugin before 1.3.5 for WordPress has wp-admin/admin-ajax.php?action=bulk_action_listener remote code execution.

CVE-2019-15597

February 26, 2023 by

A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 164
  • Go to page 165
  • Go to page 166
  • Go to page 167
  • Go to page 168
  • Interim pages omitted …
  • Go to page 225
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE