Page 376 of 37594 results (0.154 seconds)

CVSS: 9.8EPSS: %CPEs: -EXPL: 0

An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file. • https://github.com/CveSecLook/cve/issues/20 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 3

Zabbix server can perform command execution for configured scripts. ... Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection. • https://github.com/W01fh4cker/CVE-2024-22120-RCE https://github.com/g4nkd/CVE-2024-22120-RCE-with-gopher https://github.com/isPique/CVE-2024-22120-RCE-with-gopher https://support.zabbix.com/browse/ZBX-24505 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1

The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form El complemento ARForms - Premium WordPress Form Builder para WordPress anterior a 6.6 permite a los usuarios no autenticados modificar los archivos cargados de tal manera que el código PHP se pueda cargar cuando se incluye una entrada de archivo de carga en un formulario. ... This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. • https://wpscan.com/vulnerability/dc34dc2d-d5a1-4e28-8507-33f659ead647 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avira Spotlight Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avira Spotlight Service. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://www.zerodayinitiative.com/advisories/ZDI-24-469 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Sante PACS Server PG Patient Query SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. ... An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. ... This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server PG. ... An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. • https://www.zerodayinitiative.com/advisories/ZDI-24-468 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •