The vulnerability exists due to insufficient sanitization of user-supplied input in the 'controller' parameter of the 'tblight.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary PHP code on the target system.
A cross-site request forgery (CSRF) vulnerability has been identified in the Curtain WordPress plugin that allows an attacker to activate or deactivate the site's maintenance mode.
A file upload functionality in Atom CMS 2.0 allows any non-privileged user to gain access to the host through the uploaded files, which may result in remote code execution.
User input passed through the 'groups' POST parameter to the /include/findusers.php script is not properly sanitized before being passed to the icms_member_Handler::getUserCountByGroupLink() and icms_member_Handler::getUsersByGroupLink() methods. These methods use their first argument to construct a SQL query without proper validation, which can be exploited by remote attackers to e.g. read sensitive data from the 'users' database table through boolean-based SQL injection attacks. The application uses PDO as its database driver, which allows stacked SQL queries, so this vulnerability could also be exploited to e.g. create a new admin user and execute arbitrary PHP code.
The WordPress Plugin amministrazione-aperta version 3.7.3 is vulnerable to Local File Inclusion (LFI). An unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP request to the vulnerable file dispatcher.php with the parameter 'open' set to the path of the file to be included. This can allow the attacker to read sensitive files from the server.
The application suffers from an authenticated stored XSS vulnerability. The issue is triggered when input passed to the 'Name' parameter is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
The Sysax Scheduler Service runs as Local System. By default the application allows low-privilege users to create and run backup jobs as users other than themselves. By removing the option to run the job as the current user or as another user, the task runs as SYSTEM. A low-privilege user could abuse this to escalate their privileges to Local System.
This is the RCE exploit for the following advisory (officially discovered by Jakub Kramarz): https://forums.ivanti.com/s/article/SA-2021-12-02?language=en_US. Shoutouts to phyr3wall for providing a hint as to where the obfuscated code lies.
This exploit allows an attacker to gain remote code execution on a vulnerable iRZ Mobile Router. The exploit requires the attacker to have access to the router's web page, either through authentication or through a CSRF attack. Once the attacker has access, they can send a specially crafted JSON payload to the router, which will execute a reverse shell on the attacker's machine.
iQ Block Country is a WordPress plugin that allows you to limit access to your website content. It can allow or disallow visitors from defined countries to access (parts of) the website's content. The plugin's settings can be exported or imported using its backup functionality. An authorized user can import preconfigured plugin settings by uploading a zip file. After the upload, the files in the zip archive are extracted one by one. During extraction, the existence of each file is checked; if the file exists, it is deleted without any security control, based solely on the name of the extracted file. This behavior leads to a "Zip Slip" vulnerability. Zip Slip can cause damage by overwriting configuration files or other sensitive resources. In this finding, an attacker can exploit this vulnerability and the behavior of the extraction process to delete an arbitrary file on the server. To do so, it is enough to upload a zip file containing an entry whose name is the path of the file to be deleted.