Vulnerabilities (CVE)

Filtered by CWE-94
Total 4613 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-1999022 2 Civicrm, Html Quickform Project 2 Civicrm, Html Quickform 2024-11-21 7.5 HIGH 9.8 CRITICAL
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's _setOptions method, HTML_QuickForm_element's _findValue method, HTML_QuickForm_element's _prepareValue method. that can result in Possible information disclosure, possible impact on data integrity and execution of arbitrary code. This attack appear to be exploitable via A specially crafted query string could be utilised, e.g. http://www.example.com/admin/add_practice_type_id[1]=fubar%27])%20OR%20die(%27OOK!%27);%20//&mode=live. This vulnerability appears to have been fixed in 3.2.15.
CVE-2018-1999019 1 Chamilo 1 Chamilo Lms 2024-11-21 7.5 HIGH 9.8 CRITICAL
Chamilo LMS version 11.x contains an Unserialization vulnerability in the "hash" GET parameter for the api endpoint located at /webservices/api/v2.php that can result in Unauthenticated remote code execution. This attack appear to be exploitable via a simple GET request to the api endpoint. This vulnerability appears to have been fixed in After commit 0de84700648f098c1fbf6b807dee28ec640efe62.
CVE-2018-18903 1 Vanillaforums 1 Vanilla 2024-11-21 7.5 HIGH 9.8 CRITICAL
Vanilla 2.6.x before 2.6.4 allows remote code execution.
CVE-2018-18892 1 1234n 1 Minicms 2024-11-21 7.5 HIGH 9.8 CRITICAL
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
CVE-2018-18879 1 Columbiaweather 2 Weather Microserver, Weather Microserver Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
In firmware version MS_2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php.
CVE-2018-18836 1 My-netdata 1 Netdata 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Netdata 1.10.0. JSON injection exists via the api/v1/data tqx parameter because of web_client_api_request_v1_data in web/api/web_api_v1.c.
CVE-2018-18835 1 Doccms 1 Doccms 2024-11-21 7.5 HIGH 9.8 CRITICAL
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.
CVE-2018-18573 1 Oscommerce 1 Oscommerce 2024-11-21 6.5 MEDIUM 7.2 HIGH
osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. Remote authenticated administrators can upload new '.htaccess' files (e.g., omitting .php) and subsequently achieve arbitrary PHP code execution via a /catalog/admin/categories.php?cPath=&action=new_product URI.
CVE-2018-18461 1 Kibokolabs 1 Arigato Autoresponder And Newsletter 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Arigato Autoresponder and Newsletter (aka bft-autoresponder) v2.5.1.7 plugin for WordPress allows remote attackers to execute arbitrary code via PHP code in attachments[] data to models/attachment.php.
CVE-2018-18426 1 S-cms 1 S-cms 2024-11-21 9.0 HIGH 8.8 HIGH
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.
CVE-2018-18319 1 Asuswrt-merlin Project 28 Rt-ac1900, Rt-ac1900 Firmware, Rt-ac2900 and 25 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
** DISPUTED ** An issue was discovered in the Merlin.PHP component 0.6.6 for Asuswrt-Merlin devices. An attacker can execute arbitrary commands because api.php has an eval call, as demonstrated by the /6/api.php?function=command&class=remote&Cc='ls' URI. NOTE: the vendor indicates that Merlin.PHP is designed only for use on a trusted intranet network, and intentionally allows remote code execution.
CVE-2018-18258 1 Bagesoft 1 Bagecms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.
CVE-2018-18249 1 Icinga 1 Icinga Web 2 2024-11-21 7.5 HIGH 9.8 CRITICAL
Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the attacker, such as a name=${PATH}_${APACHE_RUN_DIR}_${APACHE_RUN_USER} parameter to /icingaweb2/navigation/add or /icingaweb2/dashboard/new-dashlet.
CVE-2018-18083 1 Comsenz 1 Duomicms 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing.
CVE-2018-17827 1 Hisiphp 1 Hisiphp 2024-11-21 6.5 MEDIUM 7.2 HIGH
HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php.
CVE-2018-17364 1 Otcms 1 Otcms 2024-11-21 6.8 MEDIUM 8.1 HIGH
OTCMS 3.61 allows remote attackers to execute arbitrary PHP code via the accBackupDir parameter.
CVE-2018-17207 1 Snapcreek 1 Duplicator 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
CVE-2018-17173 1 Lg 1 Supersign Cms 2024-11-21 7.5 HIGH 9.8 CRITICAL
LG SuperSign CMS allows remote attackers to execute arbitrary code via the sourceUri parameter to qsr_server/device/getThumbnail.
CVE-2018-17170 1 Teamwire 1 Teamwire 2024-11-21 6.8 MEDIUM 8.1 HIGH
Grouptime Teamwire Desktop Client 1.5.1 prior to 1.9.0 on Windows allows code injection via a template, leading to remote code execution. All backend versions prior to prod-2018-11-13-15-00-42 are affected.
CVE-2018-17134 1 Phpmywind 1 Phpmywind 2024-11-21 6.5 MEDIUM 7.2 HIGH
admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.