Page 5 of 27 results (0.010 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. Zend Framework versiones anteriores a 2.2.10 y versiones 2.3.x anteriores a 2.3.5, presenta una Inyección SQL Potencial en el adaptador Zend\Db de PostgreSQL. • https://framework.zend.com/security/advisory/ZF2015-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. Adive Framework hasta la versión 2.0.7 se ve afectado por XSS en las funciones Create New Table y Create New Navigation Link • https://www.sevenlayers.com/index.php/231-adive-framework-2-0-7-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Laravel 5.4.15 is vulnerable to Error based SQL injection in save.php via dhx_user and dhx_version parameters. Laravel, en su versión 5.4.15, es vulnerable a inyección SQL basada en errores en save.php mediante los parámetros dhx_user y dhx_version. • http://www.itblog.gbonanno.de/cve-2018-6330-laravel-sql-injection https://github.com/laravel/framework/blob/5.4/CHANGELOG-5.4.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1

Elemin allows remote attackers to upload and execute arbitrary PHP code via the Themify framework (before 1.2.2) wp-content/themes/elemin/themify/themify-ajax.php file. Elemin permite a atacantes remotos cargar y ejecutar código PHP arbitrario por medio del archivo wp-content/themes/elemin/themify/themify-ajax.php del framework Themify (versiones anteriores a 1.2.2) • https://en.0day.today/exploit/22090 https://packetstormsecurity.com/files/124149/WordPress-Elemin-Shell-Upload.html https://themify.me/blog/updated-themify-framework-to-fix-the-vulnerability https://themify.me/blog/urgent-vulnerability-found-in-themify-framework-please-read • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by Validate.php and certain other files. Zend Framework v1.11.3 en Zend Server CE v5.1.0 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con Validate.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Zend http://www.openwall.com/lists/oss-security/2011/06/27/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •