CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CVE-2025-13584 (GCVE-0-2025-13584)
Vulnerability from cvelistv5 – Published: 2025-11-24 05:02 – Updated: 2025-11-24 21:35 X_Open Source
VLAI
Title
Eigenfocus Description cross site scripting
Summary
A security vulnerability has been detected in Eigenfocus up to 1.4.0. This vulnerability affects unknown code of the component Description Handler. The manipulation of the argument entry.description/time_entry.description leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.4.1 is able to resolve this issue. The identifier of the patch is 7dec94c9d1f3e513e0ee38ba68caaba628e08582. Upgrading the affected component is advised.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333348 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.333348 | signaturepermissions-required |
| https://vuldb.com/?submit.699689 | third-party-advisory |
| https://github.com/Stolichnayer/eigenfocus-stored-xss | exploit |
| https://github.com/Eigenfocus/eigenfocus/pull/358 | issue-tracking |
| https://github.com/Eigenfocus/eigenfocus/commit/7… | patch |
| https://github.com/Eigenfocus/eigenfocus/releases… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Eigenfocus |
Affected:
1.0
Affected: 1.1 Affected: 1.2 Affected: 1.3 Affected: 1.4.0 Unaffected: 1.4.1 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13584",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T21:35:31.786890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T21:35:43.064Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Description Handler"
],
"product": "Eigenfocus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4.0"
},
{
"status": "unaffected",
"version": "1.4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "alexperrakis (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in Eigenfocus up to 1.4.0. This vulnerability affects unknown code of the component Description Handler. The manipulation of the argument entry.description/time_entry.description leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.4.1 is able to resolve this issue. The identifier of the patch is 7dec94c9d1f3e513e0ee38ba68caaba628e08582. Upgrading the affected component is advised."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T05:02:07.368Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333348 | Eigenfocus Description cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333348"
},
{
"name": "VDB-333348 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333348"
},
{
"name": "Submit #699689 | Eigenfocus Eigenfocus Free Edition 1.4.0 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.699689"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Stolichnayer/eigenfocus-stored-xss"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/Eigenfocus/eigenfocus/pull/358"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Eigenfocus/eigenfocus/commit/7dec94c9d1f3e513e0ee38ba68caaba628e08582"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Eigenfocus/eigenfocus/releases/tag/v1.4.1-free"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2025-11-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-23T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-24T04:10:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "Eigenfocus Description cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13584",
"datePublished": "2025-11-24T05:02:07.368Z",
"dateReserved": "2025-11-23T09:53:48.827Z",
"dateUpdated": "2025-11-24T21:35:43.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1359 (GCVE-0-2025-1359)
Vulnerability from cvelistv5 – Published: 2025-02-16 20:00 – Updated: 2025-02-18 21:43
VLAI
Title
SIAM Industria de Automação e Monitoramento qrcode.jsp cross site scripting
Summary
A vulnerability, which was classified as problematic, has been found in SIAM Industria de Automação e Monitoramento SIAM 2.0. This issue affects some unknown processing of the file /qrcode.jsp. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
4.3 (Medium)
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.295967 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.295967 | signaturepermissions-required |
| https://vuldb.com/?submit.496171 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SIAM Industria de Automação e Monitoramento | SIAM |
Affected:
2.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T21:43:24.773190Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T21:43:37.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SIAM",
"vendor": "SIAM Industria de Automa\u00e7\u00e3o e Monitoramento",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stux (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in SIAM Industria de Automa\u00e7\u00e3o e Monitoramento SIAM 2.0. This issue affects some unknown processing of the file /qrcode.jsp. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in SIAM Industria de Automa\u00e7\u00e3o e Monitoramento SIAM 2.0 entdeckt. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /qrcode.jsp. Dank Manipulation des Arguments url mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-16T20:00:05.893Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-295967 | SIAM Industria de Automa\u00e7\u00e3o e Monitoramento qrcode.jsp cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.295967"
},
{
"name": "VDB-295967 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.295967"
},
{
"name": "Submit #496171 | SIAM Industria de Automa\u00e7\u00e3o e Monitoramento Ltda. SIAM 2.0 Reflected Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.496171"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-15T16:41:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "SIAM Industria de Automa\u00e7\u00e3o e Monitoramento qrcode.jsp cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1359",
"datePublished": "2025-02-16T20:00:05.893Z",
"dateReserved": "2025-02-15T15:36:53.134Z",
"dateUpdated": "2025-02-18T21:43:37.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-13592 (GCVE-0-2025-13592)
Vulnerability from cvelistv5 – Published: 2025-12-29 18:20 – Updated: 2026-04-08 17:34
VLAI
Title
Advanced Ads <= 2.0.14 - Authenticated (Editor+) Remote Code Execution via Shortcode
Summary
The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute code on the server.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| monetizemore | Advanced Ads – Ad Manager & AdSense |
Affected:
0 , ≤ 2.0.14
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13592",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-30T21:57:13.459911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-30T22:30:07.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Advanced Ads \u2013\u00a0Ad Manager \u0026 AdSense",
"vendor": "monetizemore",
"versions": [
{
"lessThanOrEqual": "2.0.14",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "NosleeP"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the \u0027change-ad__content\u0027 shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute code on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:34:16.769Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f9e83561-aa71-4984-8a26-207e208d70e8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/advanced-ads/tags/2.0.14/includes/ads/class-ad-plain.php#L36"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3427297/advanced-ads#file9"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-29T06:04:25.000Z",
"value": "Disclosed"
}
],
"title": "Advanced Ads \u003c= 2.0.14 - Authenticated (Editor+) Remote Code Execution via Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13592",
"datePublished": "2025-12-29T18:20:50.576Z",
"dateReserved": "2025-11-24T06:36:17.899Z",
"dateUpdated": "2026-04-08T17:34:16.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1360 (GCVE-0-2025-1360)
Vulnerability from cvelistv5 – Published: 2025-02-16 20:31 – Updated: 2025-02-18 16:10
VLAI
Title
Internet Web Solutions Sublime CRM HTTP POST Request inicio.php cross site scripting
Summary
A vulnerability, which was classified as problematic, was found in Internet Web Solutions Sublime CRM up to 20250207. Affected is an unknown function of the file /crm/inicio.php of the component HTTP POST Request Handler. The manipulation of the argument msg_to leads to cross site scripting. It is possible to launch the attack remotely. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.295968 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.295968 | signaturepermissions-required |
| https://vuldb.com/?submit.496469 | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Internet Web Solutions | Sublime CRM |
Affected:
20250207
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1360",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T16:10:24.911652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T16:10:29.757Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP POST Request Handler"
],
"product": "Sublime CRM",
"vendor": "Internet Web Solutions",
"versions": [
{
"status": "affected",
"version": "20250207"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "6h4ack (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Internet Web Solutions Sublime CRM up to 20250207. Affected is an unknown function of the file /crm/inicio.php of the component HTTP POST Request Handler. The manipulation of the argument msg_to leads to cross site scripting. It is possible to launch the attack remotely. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in Internet Web Solutions Sublime CRM bis 20250207 gefunden. Sie wurde als problematisch eingestuft. Dabei betrifft es einen unbekannter Codeteil der Datei /crm/inicio.php der Komponente HTTP POST Request Handler. Mit der Manipulation des Arguments msg_to mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-16T20:31:03.417Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-295968 | Internet Web Solutions Sublime CRM HTTP POST Request inicio.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.295968"
},
{
"name": "VDB-295968 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.295968"
},
{
"name": "Submit #496469 | Internet Web Solutions Sublime CRM N/A Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.496469"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-15T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-02-15T16:49:06.000Z",
"value": "VulDB entry last update"
}
],
"title": "Internet Web Solutions Sublime CRM HTTP POST Request inicio.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1360",
"datePublished": "2025-02-16T20:31:03.417Z",
"dateReserved": "2025-02-15T15:43:50.235Z",
"dateUpdated": "2025-02-18T16:10:29.757Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-13642 (GCVE-0-2025-13642)
Vulnerability from cvelistv5 – Published: 2025-12-09 15:23 – Updated: 2026-04-08 16:49
VLAI
Title
ProfilePress <= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution
Summary
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the `type` parameter in the form preview functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes via the `pp_preview_form` endpoint.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| properfraction | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress |
Affected:
0 , ≤ 4.16.7
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13642",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T15:53:52.116928Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T15:53:59.039Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile \u0026 Restrict Content \u2013 ProfilePress",
"vendor": "properfraction",
"versions": [
{
"lessThanOrEqual": "4.16.7",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nguyen Ngoc Quang Bach"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile \u0026 Restrict Content \u2013 ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.7 due to insufficient input sanitization on the `type` parameter in the form preview functionality. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes via the `pp_preview_form` endpoint."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:49:58.055Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4736d139-814e-4eeb-91e8-5ee41fc35a8f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-user-avatar/trunk/src/Classes/FormPreviewHandler.php#L71"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-user-avatar/trunk/src/Classes/FormPreviewHandler.php#L15"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3408055/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-25T02:14:38.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-12-08T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "ProfilePress \u003c= 4.16.7 - Authenticated (Subscriber+) Arbitrary Shortcode Execution"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13642",
"datePublished": "2025-12-09T15:23:48.459Z",
"dateReserved": "2025-11-25T02:56:43.143Z",
"dateUpdated": "2026-04-08T16:49:58.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13658 (GCVE-0-2025-13658)
Vulnerability from cvelistv5 – Published: 2025-12-02 19:35 – Updated: 2025-12-02 21:41
VLAI
Title
Industrial Video & Control Longwatch has a Code Injection vulnerability
Summary
A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.cisa.gov/news-events/ics-advisories/i… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Industrial Video & Control | Longwatch |
Affected:
6.309 , ≤ 6.334
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-02T21:41:10.934773Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T21:41:24.753Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Longwatch",
"vendor": "Industrial Video \u0026 Control",
"versions": [
{
"lessThanOrEqual": "6.334",
"status": "affected",
"version": "6.309",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Concerned OT Engineer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-02T19:35:59.252Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-336-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIndustrial Video \u0026amp; Control recommends users running versions 6.309 to 6.334 should upgrade to version 6.335 or later to ensure protection against this vulnerability.\u003cbr\u003e\u003cbr\u003e\n\n\u003cp\u003eFor more details, view Industrial Video \u0026amp; Control\u0027s \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://ivcco.com/wp-content/uploads/Longwatch-Security-Bulletin-11-18-2025.pdf\"\u003eadvisory\u003c/a\u003e.\u003c/p\u003e\u003cbr\u003e\n\n\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "Industrial Video \u0026 Control recommends users running versions 6.309 to 6.334 should upgrade to version 6.335 or later to ensure protection against this vulnerability.\n\n\n\nFor more details, view Industrial Video \u0026 Control\u0027s advisory https://ivcco.com/wp-content/uploads/Longwatch-Security-Bulletin-11-18-2025.pdf ."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Industrial Video \u0026 Control Longwatch has a Code Injection vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-13658",
"datePublished": "2025-12-02T19:35:59.252Z",
"dateReserved": "2025-11-25T16:03:10.989Z",
"dateUpdated": "2025-12-02T21:41:24.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13773 (GCVE-0-2025-13773)
Vulnerability from cvelistv5 – Published: 2025-12-24 04:32 – Updated: 2026-04-08 17:29
VLAI
Title
Print Invoice & Delivery Notes for WooCommerce <= 5.8.0 - Unauthenticated Remote Code Execution
Summary
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' function. This is due to missing capability check in the 'WooCommerce_Delivery_Notes::update' function, PHP enabled in Dompdf, and missing escape in the 'template.php' file. This makes it possible for unauthenticated attackers to execute code on the server.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
7 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| tychesoftwares | Print Invoice & Delivery Notes for WooCommerce |
Affected:
0 , ≤ 5.8.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-24T14:16:53.058137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-24T14:17:05.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Print Invoice \u0026 Delivery Notes for WooCommerce",
"vendor": "tychesoftwares",
"versions": [
{
"lessThanOrEqual": "5.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Angus Girvan"
},
{
"lang": "en",
"type": "finder",
"value": "Marcin Dudek"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Print Invoice \u0026 Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the \u0027WooCommerce_Delivery_Notes::update\u0027 function. This is due to missing capability check in the \u0027WooCommerce_Delivery_Notes::update\u0027 function, PHP enabled in Dompdf, and missing escape in the \u0027template.php\u0027 file. This makes it possible for unauthenticated attackers to execute code on the server."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:29:46.005Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e52b34fe-2414-4d6f-bf43-9c5b65ebf769?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3426119/woocommerce-delivery-notes"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-delivery-notes/tags/5.8.0/includes/class-woocommerce-delivery-notes.php#L347"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-delivery-notes/tags/5.8.0/includes/class-woocommerce-delivery-notes.php#L473"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-delivery-notes/tags/5.8.0/templates/pdf/simple/invoice/template.php#L36"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-delivery-notes/tags/5.8.0/includes/front/wcdn-front-function.php#L37"
},
{
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-delivery-notes/tags/5.8.0/includes/front/vendor/dompdf/dompdf/src/PhpEvaluator.php#L52"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-12-23T16:17:22.000Z",
"value": "Disclosed"
}
],
"title": "Print Invoice \u0026 Delivery Notes for WooCommerce \u003c= 5.8.0 - Unauthenticated Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-13773",
"datePublished": "2025-12-24T04:32:56.262Z",
"dateReserved": "2025-11-28T05:56:13.257Z",
"dateUpdated": "2026-04-08T17:29:46.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13784 (GCVE-0-2025-13784)
Vulnerability from cvelistv5 – Published: 2025-11-30 07:02 – Updated: 2025-12-03 15:30
VLAI
Title
yungifez Skuul School Management System SVG File edit cross site scripting
Summary
A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333788 | vdb-entry |
| https://vuldb.com/?ctiid.333788 | signaturepermissions-required |
| https://vuldb.com/?submit.689012 | third-party-advisory |
| https://gist.github.com/thezeekhan/7fc54fd44bc5f3… | exploit |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| yungifez | Skuul School Management System |
Affected:
2.6.0
Affected: 2.6.1 Affected: 2.6.2 Affected: 2.6.3 Affected: 2.6.4 Affected: 2.6.5 |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13784",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-03T15:30:33.805536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-03T15:30:37.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://vuldb.com/?submit.689012"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/thezeekhan/7fc54fd44bc5f318be0350b367b2d8ff"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SVG File Handler"
],
"product": "Skuul School Management System",
"vendor": "yungifez",
"versions": [
{
"status": "affected",
"version": "2.6.0"
},
{
"status": "affected",
"version": "2.6.1"
},
{
"status": "affected",
"version": "2.6.2"
},
{
"status": "affected",
"version": "2.6.3"
},
{
"status": "affected",
"version": "2.6.4"
},
{
"status": "affected",
"version": "2.6.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zeeshan Khan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-30T07:02:05.901Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333788 | yungifez Skuul School Management System SVG File edit cross site scripting",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.333788"
},
{
"name": "VDB-333788 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333788"
},
{
"name": "Submit #689012 | yungifez Skuul v2.6.5 Open Redirect",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.689012"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/thezeekhan/7fc54fd44bc5f318be0350b367b2d8ff"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-29T14:04:49.000Z",
"value": "VulDB entry last update"
}
],
"title": "yungifez Skuul School Management System SVG File edit cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13784",
"datePublished": "2025-11-30T07:02:05.901Z",
"dateReserved": "2025-11-29T12:59:34.961Z",
"dateUpdated": "2025-12-03T15:30:37.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13786 (GCVE-0-2025-13786)
Vulnerability from cvelistv5 – Published: 2025-11-30 09:02 – Updated: 2025-12-01 21:06
VLAI
Title
taosir WTCMS index.php fetch code injection
Summary
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333790 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.333790 | signaturepermissions-required |
| https://vuldb.com/?submit.689523 | third-party-advisory |
| https://github.com/TiKi-r/CVE-Report/blob/main/Wt… | related |
| https://github.com/TiKi-r/CVE-Report/blob/main/Wt… | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13786",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T21:06:40.579307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T21:06:46.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/TiKi-r/CVE-Report/blob/main/WtcmsRCE.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/TiKi-r/CVE-Report/blob/main/WtcmsRCE.md#3-proof-of-concept-poc"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WTCMS",
"vendor": "taosir",
"versions": [
{
"status": "affected",
"version": "01a5f68a3dfc2fdddb44eed967bb2d4f60487665"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "sT1TcH (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-30T09:02:05.334Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333790 | taosir WTCMS index.php fetch code injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333790"
},
{
"name": "VDB-333790 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333790"
},
{
"name": "Submit #689523 | wtcms cms 1.0 RCE",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.689523"
},
{
"tags": [
"related"
],
"url": "https://github.com/TiKi-r/CVE-Report/blob/main/WtcmsRCE.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/TiKi-r/CVE-Report/blob/main/WtcmsRCE.md#3-proof-of-concept-poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-29T14:07:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "taosir WTCMS index.php fetch code injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13786",
"datePublished": "2025-11-30T09:02:05.334Z",
"dateReserved": "2025-11-29T13:02:31.089Z",
"dateUpdated": "2025-12-01T21:06:46.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13792 (GCVE-0-2025-13792)
Vulnerability from cvelistv5 – Published: 2025-11-30 16:02 – Updated: 2026-02-24 06:38
VLAI
Title
Qualitor getResumo.php eval code injection
Summary
A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. Upgrading to version 8.20.105 and 8.24.98 addresses this issue. Upgrading the affected component is advised.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.333796 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.333796 | signaturepermissions-required |
| https://vuldb.com/?submit.691251 | third-party-advisory |
| https://vuldb.com/?submit.704314 | third-party-advisory |
| https://www.youtube.com/watch?v=hU8YbFc6KpI | exploitmedia-coverage |
| https://www.qualitor.com.br/official-security-adv… | related |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Qualitor |
Affected:
8.20.104
Affected: 8.24.0 Affected: 8.24.1 Affected: 8.24.2 Affected: 8.24.3 Affected: 8.24.4 Affected: 8.24.5 Affected: 8.24.6 Affected: 8.24.7 Affected: 8.24.8 Affected: 8.24.9 Affected: 8.24.10 Affected: 8.24.11 Affected: 8.24.12 Affected: 8.24.13 Affected: 8.24.14 Affected: 8.24.15 Affected: 8.24.16 Affected: 8.24.17 Affected: 8.24.18 Affected: 8.24.19 Affected: 8.24.20 Affected: 8.24.21 Affected: 8.24.22 Affected: 8.24.23 Affected: 8.24.24 Affected: 8.24.25 Affected: 8.24.26 Affected: 8.24.27 Affected: 8.24.28 Affected: 8.24.29 Affected: 8.24.30 Affected: 8.24.31 Affected: 8.24.32 Affected: 8.24.33 Affected: 8.24.34 Affected: 8.24.35 Affected: 8.24.36 Affected: 8.24.37 Affected: 8.24.38 Affected: 8.24.39 Affected: 8.24.40 Affected: 8.24.41 Affected: 8.24.42 Affected: 8.24.43 Affected: 8.24.44 Affected: 8.24.45 Affected: 8.24.46 Affected: 8.24.47 Affected: 8.24.48 Affected: 8.24.49 Affected: 8.24.50 Affected: 8.24.51 Affected: 8.24.52 Affected: 8.24.53 Affected: 8.24.54 Affected: 8.24.55 Affected: 8.24.56 Affected: 8.24.57 Affected: 8.24.58 Affected: 8.24.59 Affected: 8.24.60 Affected: 8.24.61 Affected: 8.24.62 Affected: 8.24.63 Affected: 8.24.64 Affected: 8.24.65 Affected: 8.24.66 Affected: 8.24.67 Affected: 8.24.68 Affected: 8.24.69 Affected: 8.24.70 Affected: 8.24.71 Affected: 8.24.72 Affected: 8.24.73 Affected: 8.24.74 Affected: 8.24.75 Affected: 8.24.76 Affected: 8.24.77 Affected: 8.24.78 Affected: 8.24.79 Affected: 8.24.80 Affected: 8.24.81 Affected: 8.24.82 Affected: 8.24.83 Affected: 8.24.84 Affected: 8.24.85 Affected: 8.24.86 Affected: 8.24.87 Affected: 8.24.88 Affected: 8.24.89 Affected: 8.24.90 Affected: 8.24.91 Affected: 8.24.92 Affected: 8.24.93 Affected: 8.24.94 Affected: 8.24.95 Affected: 8.24.96 Affected: 8.24.97 Unaffected: 8.20.105 Unaffected: 8.24.98 cpe:2.3:a:qualitor:qualitor:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13792",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-01T17:48:04.838756Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T17:49:26.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:qualitor:qualitor:*:*:*:*:*:*:*:*"
],
"product": "Qualitor",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "8.20.104"
},
{
"status": "affected",
"version": "8.24.0"
},
{
"status": "affected",
"version": "8.24.1"
},
{
"status": "affected",
"version": "8.24.2"
},
{
"status": "affected",
"version": "8.24.3"
},
{
"status": "affected",
"version": "8.24.4"
},
{
"status": "affected",
"version": "8.24.5"
},
{
"status": "affected",
"version": "8.24.6"
},
{
"status": "affected",
"version": "8.24.7"
},
{
"status": "affected",
"version": "8.24.8"
},
{
"status": "affected",
"version": "8.24.9"
},
{
"status": "affected",
"version": "8.24.10"
},
{
"status": "affected",
"version": "8.24.11"
},
{
"status": "affected",
"version": "8.24.12"
},
{
"status": "affected",
"version": "8.24.13"
},
{
"status": "affected",
"version": "8.24.14"
},
{
"status": "affected",
"version": "8.24.15"
},
{
"status": "affected",
"version": "8.24.16"
},
{
"status": "affected",
"version": "8.24.17"
},
{
"status": "affected",
"version": "8.24.18"
},
{
"status": "affected",
"version": "8.24.19"
},
{
"status": "affected",
"version": "8.24.20"
},
{
"status": "affected",
"version": "8.24.21"
},
{
"status": "affected",
"version": "8.24.22"
},
{
"status": "affected",
"version": "8.24.23"
},
{
"status": "affected",
"version": "8.24.24"
},
{
"status": "affected",
"version": "8.24.25"
},
{
"status": "affected",
"version": "8.24.26"
},
{
"status": "affected",
"version": "8.24.27"
},
{
"status": "affected",
"version": "8.24.28"
},
{
"status": "affected",
"version": "8.24.29"
},
{
"status": "affected",
"version": "8.24.30"
},
{
"status": "affected",
"version": "8.24.31"
},
{
"status": "affected",
"version": "8.24.32"
},
{
"status": "affected",
"version": "8.24.33"
},
{
"status": "affected",
"version": "8.24.34"
},
{
"status": "affected",
"version": "8.24.35"
},
{
"status": "affected",
"version": "8.24.36"
},
{
"status": "affected",
"version": "8.24.37"
},
{
"status": "affected",
"version": "8.24.38"
},
{
"status": "affected",
"version": "8.24.39"
},
{
"status": "affected",
"version": "8.24.40"
},
{
"status": "affected",
"version": "8.24.41"
},
{
"status": "affected",
"version": "8.24.42"
},
{
"status": "affected",
"version": "8.24.43"
},
{
"status": "affected",
"version": "8.24.44"
},
{
"status": "affected",
"version": "8.24.45"
},
{
"status": "affected",
"version": "8.24.46"
},
{
"status": "affected",
"version": "8.24.47"
},
{
"status": "affected",
"version": "8.24.48"
},
{
"status": "affected",
"version": "8.24.49"
},
{
"status": "affected",
"version": "8.24.50"
},
{
"status": "affected",
"version": "8.24.51"
},
{
"status": "affected",
"version": "8.24.52"
},
{
"status": "affected",
"version": "8.24.53"
},
{
"status": "affected",
"version": "8.24.54"
},
{
"status": "affected",
"version": "8.24.55"
},
{
"status": "affected",
"version": "8.24.56"
},
{
"status": "affected",
"version": "8.24.57"
},
{
"status": "affected",
"version": "8.24.58"
},
{
"status": "affected",
"version": "8.24.59"
},
{
"status": "affected",
"version": "8.24.60"
},
{
"status": "affected",
"version": "8.24.61"
},
{
"status": "affected",
"version": "8.24.62"
},
{
"status": "affected",
"version": "8.24.63"
},
{
"status": "affected",
"version": "8.24.64"
},
{
"status": "affected",
"version": "8.24.65"
},
{
"status": "affected",
"version": "8.24.66"
},
{
"status": "affected",
"version": "8.24.67"
},
{
"status": "affected",
"version": "8.24.68"
},
{
"status": "affected",
"version": "8.24.69"
},
{
"status": "affected",
"version": "8.24.70"
},
{
"status": "affected",
"version": "8.24.71"
},
{
"status": "affected",
"version": "8.24.72"
},
{
"status": "affected",
"version": "8.24.73"
},
{
"status": "affected",
"version": "8.24.74"
},
{
"status": "affected",
"version": "8.24.75"
},
{
"status": "affected",
"version": "8.24.76"
},
{
"status": "affected",
"version": "8.24.77"
},
{
"status": "affected",
"version": "8.24.78"
},
{
"status": "affected",
"version": "8.24.79"
},
{
"status": "affected",
"version": "8.24.80"
},
{
"status": "affected",
"version": "8.24.81"
},
{
"status": "affected",
"version": "8.24.82"
},
{
"status": "affected",
"version": "8.24.83"
},
{
"status": "affected",
"version": "8.24.84"
},
{
"status": "affected",
"version": "8.24.85"
},
{
"status": "affected",
"version": "8.24.86"
},
{
"status": "affected",
"version": "8.24.87"
},
{
"status": "affected",
"version": "8.24.88"
},
{
"status": "affected",
"version": "8.24.89"
},
{
"status": "affected",
"version": "8.24.90"
},
{
"status": "affected",
"version": "8.24.91"
},
{
"status": "affected",
"version": "8.24.92"
},
{
"status": "affected",
"version": "8.24.93"
},
{
"status": "affected",
"version": "8.24.94"
},
{
"status": "affected",
"version": "8.24.95"
},
{
"status": "affected",
"version": "8.24.96"
},
{
"status": "affected",
"version": "8.24.97"
},
{
"status": "unaffected",
"version": "8.20.105"
},
{
"status": "unaffected",
"version": "8.24.98"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mtzsec (VulDB User)"
},
{
"lang": "en",
"type": "reporter",
"value": "Dante Michelon (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in Qualitor up to 8.20.104/8.24.97. Affected by this vulnerability is the function eval of the file /html/st/stdeslocamento/request/getResumo.php. Performing a manipulation of the argument passageiros results in code injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. Upgrading to version 8.20.105 and 8.24.98 addresses this issue. Upgrading the affected component is advised."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T06:38:48.473Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-333796 | Qualitor getResumo.php eval code injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.333796"
},
{
"name": "VDB-333796 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.333796"
},
{
"name": "Submit #691251 | Qualitor Qualitor Web 8.20/8.24 Code Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.691251"
},
{
"name": "Submit #704314 | Qualitor Software e Serv. em Inf. S.A. Qualitor 8.20/8.24 Code Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.704314"
},
{
"tags": [
"exploit",
"media-coverage"
],
"url": "https://www.youtube.com/watch?v=hU8YbFc6KpI"
},
{
"tags": [
"related"
],
"url": "https://www.qualitor.com.br/official-security-advisory-cve-2025-13792"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-11-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-29T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-12-01T00:00:00.000Z",
"value": "Countermeasure disclosed"
},
{
"lang": "en",
"time": "2025-12-01T22:03:43.000Z",
"value": "VulDB entry last update"
}
],
"title": "Qualitor getResumo.php eval code injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-13792",
"datePublished": "2025-11-30T16:02:05.632Z",
"dateReserved": "2025-11-29T20:36:29.802Z",
"dateUpdated": "2026-02-24T06:38:48.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Strategy: Refactoring
Description:
- Refactor your program so that you do not have to dynamically generate code.
Mitigation
Phase: Architecture and Design
Description:
- Run your code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which code can be executed by your product.
- Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.
- This may not be a feasible solution, and it only limits the impact to the operating system; the rest of your application may still be subject to compromise.
- Be careful to avoid CWE-243 and other weaknesses related to jails.
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of code injection, use stringent allowlists that limit which constructs are allowed. If you are dynamically constructing code that invokes a function, then verifying that the input is alphanumeric might be insufficient. An attacker might still be able to reference a dangerous function that you did not intend to allow, such as system(), exec(), or exit().
Mitigation
Phase: Testing
Description:
- Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
Mitigation ID: MIT-32
Phase: Operation
Strategy: Compilation or Build Hardening
Description:
- Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation ID: MIT-32
Phase: Operation
Strategy: Environment Hardening
Description:
- Run the code in an environment that performs automatic taint propagation and prevents any command execution that uses tainted variables, such as Perl's "-T" switch. This will force the program to perform validation steps that remove the taint, although you must be careful to correctly validate your inputs so that you do not accidentally mark dangerous inputs as untainted (see CWE-183 and CWE-184).
Mitigation
Phase: Implementation
Description:
- For Python programs, it is frequently encouraged to use the ast.literal_eval() function instead of eval, since it is intentionally designed to avoid executing code. However, an adversary could still cause excessive memory or stack consumption via deeply nested structures [REF-1372], so the python documentation discourages use of ast.literal_eval() on untrusted data [REF-1373].
CAPEC-242: Code Injection
An adversary exploits a weakness in input validation on the target to inject new code into that which is currently executing. This differs from code inclusion in that code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-77: Manipulating User-Controlled Variables
This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.