CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5199 – PHP to Page <= 0.3 - Authenticated (Subscriber+) Local File Inclusion to Remote Code Execution via Shortcode
https://notcve.org/view.php?id=CVE-2023-5199
The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily. El complemento PHP to Page para WordPress es vulnerable a la Inclusión de Archivos Locales en la Ejecución Remota de Código en versiones hasta la 0.3 incluida a través del shortcode 'php-to-page'. Esto permite a atacantes autenticados con permisos de nivel de suscriptor o superiores incluir archivos locales y potencialmente ejecutar código en el servidor. • https://plugins.trac.wordpress.org/browser/php-to-page/trunk/php-to-page.php?rev=441028#L22 https://www.wordfence.com/threat-intel/vulnerabilities/id/83e5a0dc-fc51-4565-945f-190cf9175874?source=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') CWE-552: Files or Directories Accessible to External Parties •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42359
https://notcve.org/view.php?id=CVE-2023-42359
SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php. Vulnerabilidad de inyección SQL en el Exam Form Submission en PHP con Código Fuente v.1.0 permite a un atacante remoto escalar privilegios a través del parámetro val-username en /index.php. • https://upbeat-washer-def.notion.site/Exam-Form-Submission-In-PHP-SQL-Injection-in-index-php-bd71962db712459488019d531ab2f6f2?pvs=4 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 4CVE-2023-3824 – Buffer overflow and overread in phar_dir_read()
https://notcve.org/view.php?id=CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. En PHP versión 8.0.* antes de 8.0.30, 8.1.* antes de 8.1.22, y 8.2.* antes de 8.2.8, al cargar el archivo phar, mientras se leen las entradas del directorio PHAR, una comprobación de longitud insuficiente puede conducir a un desbordamiento del búfer de pila, llevando potencialmente a corrupción de memoria o RCE. A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phar_dir_read() function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing the attacker to corrupt memory or cause a denial of service condition. • https://github.com/jhonnybonny/CVE-2023-3824 https://github.com/m1sn0w/CVE-2023-3824 https://github.com/Starla2u/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA https://security.netapp.com/advisory/ntap-20230825-0001 https://access.redhat.com/se • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 1CVE-2023-3823 – Security issue with external entity loading in XML without enabling it
https://notcve.org/view.php?id=CVE-2023-3823
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. • https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA https://security.netapp.com/advisory/ntap-20230825-0001 https://access.redhat.com/security/cve/CVE-2023-3823 https://bugzilla.redhat.com/show_bug.cgi?id=2229396 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3806 – SourceCodester House Rental and Property Listing System btn_functions.php unrestricted upload
https://notcve.org/view.php?id=CVE-2023-3806
A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. Affected is an unknown function of the file btn_functions.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/GZRsecurity/Cve-System/blob/main/House%20Rental%20and%20Property%20Listing%20System%20register.php%20has%20%20File%20Upload(RCE)%20Vulnerability.pdf https://vuldb.com/?ctiid.235074 https://vuldb.com/?id.235074 • CWE-434: Unrestricted Upload of File with Dangerous Type •