Tag: rce

phpMyAdmin 4.8.1 – Remote Code Execution (RCE)

Security Team ChaMd5 disclose a Local File Inclusion vulnerability in phpMyAdmin latest version 4.8.1. And the exploiting of this vulnerability may lead to Remote Code Execution. Reference:

November 21, 2022
qdPM 9.1 – Remote Code Execution (RCE) (Authenticated)

A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users[‘photo_preview’] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884. Reference:

November 21, 2022
CVE-2022-3360 – Unauthenticated PHP Object Injection via REST API

The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE). To successfully exploit this vulnerability attackers must have knowledge of the site secrets, allowing them to generate a…

November 21, 2022