The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This is can by triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers.
An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls.
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter.
Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php.
A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Affected by this issue is some unknown functionality of the file /admin/reportupload.aspx. The manipulation of the argument files[] leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).
An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input
PHP remote file inclusion vulnerability in iJoomla Magazine (com_magazine) component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php.
Unrestricted Upload of File with Dangerous Type vulnerability in ZealousWeb Generate PDF using Contact Form 7.This issue affects Generate PDF using Contact Form 7: from n/a through 4.0.6.
File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload.
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.
An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file.
PHP remote file inclusion vulnerability in phpunity-postcard.php in phpunity.postcard allows remote attackers to execute arbitrary PHP code via a URL in the gallery_path parameter.
File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter.
Multiple PHP remote file inclusion vulnerabilities in AR Web Content Manager (AWCM) 2.1 final allow remote attackers to execute arbitrary PHP code via a URL in the theme_file parameter to (1) includes/window_top.php and (2) header.php, and the (3) lang_file parameter to control/common.php.
Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php.
huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.
phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and December 15th 2010, contains an externally introduced modification (Trojan Horse) in the getTopTen method in inc/Faq.php, which allows remote attackers to execute arbitrary PHP code.
An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to 11.1.3.1.
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.
Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload".
Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file.
Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/custom_component" endpoint and provide a Python script.
An arbitrary file upload vulnerability in the /v1/app/writeFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
JetBrains YouTrack before 2021.4.40426 was vulnerable to SSTI (Server-Side Template Injection) via FreeMarker templates.
An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file.
Incomplete blacklist vulnerability in the safe_url_extraclean function in ajax.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code by using a page parameter containing a UNC share pathname, which bypasses the check for the : (colon) character.
A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor.
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
MCMS v5.2.4 was discovered to contain an arbitrary file upload vulnerability via the component /ms/template/writeFileContent.do.
MCMS v5.2.4 was discovered to have an arbitrary file upload vulnerability in the New Template module, which allows attackers to execute arbitrary code via a crafted ZIP file.
CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update.
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.
Tenda FH1206 V1.2.0.8(8155) was discovered to contain a command injection vulnerability via the mac parameter at ip/goform/WriteFacMac.
An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters.
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution
JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function.
An arbitrary file upload vulnerability in /fileupload/upload.cfm in Daemon PTY Limited FarCry Core framework before 7.2.14 allows attackers to execute arbitrary code via uploading a crafted .cfm file.
A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files.
PHP remote file inclusion vulnerability in extras/pandora_diag.php in Pandora FMS before 3.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the argv[1] parameter.
An arbitrary file upload vulnerability in the component \controller\ImageUploadController.class of inxedu v2.0.6 allows attackers to execute arbitrary code via uploading a crafted jsp file.
There is an arbitrary file upload vulnerability on the media add .php page in the backend of the website in version 5.7.114 of DedeCMS
An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.114 allows attackers to execute arbitrary code via uploading a crafted file.
A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts.
Unrestricted Upload of File with Dangerous Type vulnerability in Asghar Hatampoor BuddyPress Cover allows Code Injection.This issue affects BuddyPress Cover: from n/a through 2.1.4.2.
Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.