8.6
CVE-2023-53981 - PhotoShow 3.0 Remote Code Execution via Exiftran Path Injection
PhotoShow 3.0 contains a remote code execution vulnerability that allows authenticated administrators to inject malicious commands through the exiftran path configuration. Attackers can exploit the ffmpeg configuration settings by base64 encoding a reverse shell command and executing it through a cβ¦
8.7
CVE-2023-53980 - ProjectSend r1605 Remote Code Execution via File Extension Manipulation
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.
8.6
CVE-2023-53979 - MyBB 1.8.32 Authenticated Remote Code Execution via Chained Vulnerabilities
MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration editiβ¦
5.1
CVE-2023-53978 - myBB Forums 1.8.26 Stored Cross-Site Scripting via Forum Announcements
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the announcement title β¦
5.1
CVE-2023-53977 - myBB Forums 1.8.26 Stored Cross-Site Scripting via Forum Management
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum management system that allows authenticated administrators to inject malicious scripts when creating new forums. Attackers can exploit this vulnerability by inserting script payloads in the forum title field when aβ¦
5.1
CVE-2023-53976 - myBB Forums 1.8.26 Stored Cross-Site Scripting via Template Management
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the template management system that allows authenticated administrators to inject malicious scripts when creating new templates. Attackers can exploit this vulnerability by inserting script payloads in the template title fieβ¦
9.3
CVE-2023-53975 - Atom CMS 2.0 Unauthenticated SQL Injection via Admin Index Page
Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks.
8.8
CVE-2023-53974 - D-Link DSL-124 ME_1.00 Backup Configuration File Disclosure via Unauthenticated Request
D-Link DSL-124 ME_1.00 contains a configuration file disclosure vulnerability that allows unauthenticated attackers to retrieve router settings through a POST request. Attackers can send a specific POST request to the router's configuration endpoint to download a complete backup file containing senβ¦
8.5
CVE-2023-53973 - Zillya Total Security 3.0.2367.0 Local Privilege Escalation via Quarantine Module
Zillya Total Security 3.0.2367.0 contains a privilege escalation vulnerability that allows low-privileged users to copy files to unauthorized system locations using the quarantine module. Attackers can leverage symbolic link techniques to restore quarantined files to restricted directories, potentiβ¦
9.3
CVE-2023-53972 - WebTareas 2.4 Unauthenticated SQL Injection via Session Cookie Parameter
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access sensβ¦