Page 3 of 14 results (0.004 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. Zend Framework versiones anteriores a 2.2.10 y versiones 2.3.x anteriores a 2.3.5, presenta una Inyección SQL Potencial en el adaptador Zend\Db de PostgreSQL. • https://framework.zend.com/security/advisory/ZF2015-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. Adive Framework hasta la versión 2.0.7 se ve afectado por XSS en las funciones Create New Table y Create New Navigation Link • https://www.sevenlayers.com/index.php/231-adive-framework-2-0-7-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1

Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. Elemin permite a atacantes remotos cargar y ejecutar código PHP arbitrario por medio del archivo wp-content/themes/elemin/themify/themify-ajax.php del framework Themify (versiones anteriores a 1.2.2) • https://en.0day.today/exploit/22090 https://packetstormsecurity.com/files/124149/WordPress-Elemin-Shell-Upload.html https://themify.me/blog/updated-themify-framework-to-fix-the-vulnerability https://themify.me/blog/urgent-vulnerability-found-in-themify-framework-please-read • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.0EPSS: 0%CPEs: 61EXPL: 2

The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed." La función shutdown en la clase Zend_Log_Writer_Mail en Zend Framework (ZF) permite a atacantes dependientes del contexto enviar mensajes e-mail de su lección a varias direcciones a través de vectores relacionados con "events not yet mailed." • http://www.sektioneins.de/en/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability http://www.suspekt.org/2009/12/09/advisory-032009-piwik-cookie-unserialize-vulnerability • CWE-264: Permissions, Privileges, and Access Controls •