The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution.
An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to PHP Code Injection leading to Remote Code Execution in all versions up to, and including, 2.8.6 via the 'storeTheme' function. This is due to a lack of sanitization on user-supplied values, which replace values in the style.php file, along with missing capability checks. This makes it possible for unauthenticated attackers to execute code on the server. This issue was partially patched in 2.8.6 when the code injection issue was resolved, and fully patched in 2.8.7 when the missing authorization and cross-site request forgery protection was added.
The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.
An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components.
A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution.
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
Command execution vulnerability was discovered in JHR-N916R router firmware version<=21.11.1.1483.
Improper Control of Generation of Code ('Code Injection') vulnerability in Next4Biz CRM & BPM Software Business Process Manangement (BPM) allows Remote Code Inclusion.This issue affects Business Process Manangement (BPM): from 6.6.4.4 before 6.6.4.5.
Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.
ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server.
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue.
An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration.
pyrage is a set of Python bindings for the rage file encryption library (age in Rust). `pyrage` uses the Rust `age` crate for its underlying operations, and `age` is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to `pyrage` for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of `pyrage` before 1.2.0 lack plugin support and are therefore **not affected**. An equivalent issue was fixed in [the reference Go implementation of age](https://github.com/FiloSottile/age), see advisory GHSA-32gq-x56h-299c. This issue has been addressed in version 1.2.3 and all users are advised to update. There are no known workarounds for this vulnerability.
SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function.
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI.
An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query.
GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE.
A remote code execution (RCE) vulnerability in the ZScript function of ZDoom Team GZDoom v4.13.1 allows attackers to execute arbitrary code via supplying a crafted PK3 file containing a malicious ZScript source file.
SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. Version 3.1.16 contains a patch for the issue.
cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network.
A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
A template injection vulnerability in the Dashboard of NASA Fprime v3.4.3 allows attackers to execute arbitrary code via uploading a crafted Vue file.
Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter get_email. After which, they can visit the send_log.cgi endpoint which uses the parameter in a system call to achieve command execution.
A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure.
An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter.
An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module
Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php.
Netgear WNR854T 1.5.2 (North America) is vulnerable to Arbitrary command execution in cmd.cgi which allows for the execution of system commands via the web interface.
An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL.
The WPCasa plugin for WordPress is vulnerable to Code Injection in all versions up to, and including, 1.4.1. This is due to insufficient input validation and restriction on the 'api_requests' function. This makes it possible for unauthenticated attackers to call arbitrary functions and execute code.
Netgear WNR854T 1.5.2 (North America) is vulnerable to Command Injection. An attacker can send a specially crafted request to post.cgi, updating the nvram parameter pppoe_peer_mac and forcing a reboot. This will result in command injection.
A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter.
FoxCMS <=v1.2.5 is vulnerable to Code Execution in admin/template_file/editFile.html.
Apache Commons Text versions prior to 1.10.0 included interpolation features that could be abused when applications passed untrusted input into the text-substitution API. Because some interpolators could trigger actions like executing commands or accessing external resources, an attacker could potentially achieve remote code execution. This vulnerability has been fully addressed in FileMaker Server 22.0.4.
In Netgear WNR854T 1.5.2 (North America), the UPNP service is vulnerable to command injection in the function addmap_exec which parses the NewInternalClient parameter of the AddPortMapping SOAPAction into a system call without sanitation. An attacker can send a specially crafted SOAPAction request for AddPortMapping via the router's WANIPConn1 service to achieve arbitrary command execution.
H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter.
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String).
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine.
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file
PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application.
Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Query Console allows Code Injection.This issue affects WP Query Console: from n/a through 1.0.
In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doGRETunnel function.
An issue in the PepeGxng smart contract (which can be run on the Ethereum blockchain) allows remote attackers to have an unspecified impact via the mint function. NOTE: this is disputed by third parties because the impact is limited to function calls.
In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution.