CVE-2021-36100
Specially crafted string in OTRS system configuration can allow the execution of any system command.
Source: CVE-2021-36100
CVE-2022-1004
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
Source: CVE-2022-1004
CVE-2022-25481
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.
Source: CVE-2022-25481
CVE-2022-25505
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in includeModelCategory.php.
Source: CVE-2022-25505
CVE-2020-26007
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
Source: CVE-2020-26007
CVE-2020-26008
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.
Source: CVE-2020-26008
CVE-2021-39383
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.
Source: CVE-2021-39383
CVE-2021-42194
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user’s input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability.
Source: CVE-2021-42194
CVE-2021-39384
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.
Source: CVE-2021-39384
CVE-2022-25462
Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
Source: CVE-2022-25462