CVE-2021-36100

Specially crafted string in OTRS system configuration can allow the execution of any system command.

Source: CVE-2021-36100

CVE-2022-1004

Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.

Source: CVE-2022-1004

CVE-2022-25481

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.

Source: CVE-2022-25481

CVE-2022-25505

Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in includeModelCategory.php.

Source: CVE-2022-25505

CVE-2020-26007

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.

Source: CVE-2020-26007

CVE-2020-26008

The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.

Source: CVE-2020-26008

CVE-2021-39383

DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.

Source: CVE-2021-39383

CVE-2021-42194

The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user’s input directly into the simplexml_ load_ String function, which itself does not prohibit external entities, triggering a XML external entity (XXE) injection vulnerability.

Source: CVE-2021-42194

CVE-2021-39384

DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.

Source: CVE-2021-39384

CVE-2022-25462

Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.

Source: CVE-2022-25462