AVideo/YouPHPTube 10.0 and prior is affected by an insecure file write. A user with administrator privileges is able to write files on the filesystem using the flag and code variables in the file save.php.
CWE-94
CVE-2021-25770
In JetBrains YouTrack before 2020.5.3123, server-side template injection (SSTI) was possible, which could lead to code execution.
CVE-2021-25808
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
CVE-2021-25251
The Trend Micro Security 2020 and 2021 families of consumer products are vulnerable to a code injection vulnerability which could allow an attacker to disable the program’s password protection and disable protection. An attacker must already have administrator privileges on the machine to exploit this vulnerability.
CVE-2021-25283
An issue was discovered in SaltStack Salt before 3002.5. The jinja renderer does not protect against server-side template injection attacks.
CVE-2021-24942
The Menu Item Visibility Control WordPress plugin through 0.5 doesn’t sanitize and validate the “Visibility logic” option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment.