The File Manager plugin (wp-file-manager) before version 6.9 for WordPress has a vulnerability that allows remote attackers to upload and execute arbitrary PHP code. The vulnerability arises from the plugin renaming an unsafe example elFinder connector file to have the .php extension, enabling attackers to use elFinder commands to
Mara CMS 7.5 has a security vulnerability in which there is an arbitrary file upload issue. To exploit this vulnerability, an attacker needs to have a valid authenticated session as an admin or manager. The attacker can then make a request to 'codebase/dir.php?type=filenew'
An issue was discovered in rConfig through version 3.9.4, where the web interface is vulnerable to SQL injection through the "searchColumn" parameter in "commands.inc.php". This vulnerability could allow attackers to manipulate the database and access sensitive information. Disclaimer The content provided here