This allows authenticated attackers with subscriber-level permissions or above to include local files and potentially execute code on the server. The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. The identifier of this vulnerability is VDB-241024. The exploit has been disclosed to the public and may be used. The attack needs to be approached within the local network. The manipulation leads to denial of service. This vulnerability affects unknown code of the component Ethernet Interface. In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution. A vulnerability has been found in eeroOS up to 6.16.4-11 and classified as critical.