egix@karmainsecurity ~ $

Research

- 2024
GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities
XenForo <= 2.2.15 (Template System) Remote Code Execution Vulnerability
XenForo <= 2.2.15 (Widget::actionSave) Cross-Site Request Forgery Vulnerability
Cacti <= 1.2.26 (import.php) Remote Code Execution Vulnerability
Invision Community <= 4.7.16 (toolbar.php) Remote Code Execution Vulnerability
Invision Community <= 4.7.15 (store.php) SQL Injection Vulnerability
XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability

+ 2023
PKP-WAL <= 3.4.0-3 (NativeImportExportPlugin) Remote Code Execution Vulnerability
ISPConfig <= 3.2.11 (language_edit.php) PHP Code Injection Vulnerability
phpFox <= 4.8.13 (redirect) PHP Object Injection Vulnerability
SugarCRM <= 13.0.1 (set_note_attachment) Unrestricted File Upload Vulnerability
SugarCRM <= 13.0.1 (GetControl) Server-Side Template Injection Vulnerability
CrafterCMS <= 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities
SugarCRM <= 12.2.0 Two SQL Injection Vulnerabilities
SugarCRM <= 12.2.0 (Docusign_GlobalSettings) PHP Object Injection Vulnerability
SugarCRM <= 12.2.0 (updateGeocodeStatus) Bean Manipulation Vulnerability
SugarCRM <= 12.2.0 (Notes) Unrestricted File Upload Vulnerability
Tiki Wiki CMS Groupware <= 24.1 (tikiimporter_blog_wordpress.php) PHP Object Injection Vulnerability
Tiki Wiki CMS Groupware <= 24.0 (grid.php) PHP Object Injection Vulnerability
Tiki Wiki CMS Groupware <= 24.0 (structlib.php) PHP Code Injection Vulnerability
Tiki Wiki CMS Groupware <= 25.0 Two Cross-Site Request Forgeries Vulnerabilities

+ 2022
Drupal H5P Module <= 2.0.0 (isValidPackage) Zip Slip Vulnerability
Joomla! <= 4.1.0 (Tar.php) Zip Slip Vulnerability
ImpressCMS <= 1.4.3 (findusers.php) SQL Injection Vulnerability
ImpressCMS <= 1.4.2 (findusers.php) Incorrect Access Control Vulnerability
ImpressCMS <= 1.4.2 (image-edit.php) Path Traversal Vulnerability
ImpressCMS <= 1.4.2 (autologin.php) Authentication Bypass Vulnerability

+ 2021
Concrete5 <= 8.5.5 (Logging Settings) Phar Deserialization Vulnerability
IPS Community Suite <= 4.5.4.2 (previewBlock) PHP Code Injection Vulnerability
ExpressionEngine <= 6.0.2 (Translate::save) PHP Code Injection Vulnerability
docsify <= 4.12.0 DOM-based Cross-Site Scripting Vulnerability
IPS Community Suite <= 4.5.4 (Downloads REST API) SQL Injection Vulnerability

+ 2020
qdPM <= 9.1 (executeExport) PHP Object Injection Vulnerability
SugarCRM < 10.1.0 (Reports Export) SQL Injection Vulnerability
SugarCRM < 10.1.0 Multiple Reflected Cross-Site Scripting Vulnerabilities
openSIS <= 7.4 Multiple SQL Injection Vulnerabilities
openSIS <= 7.4 (Bottom.php) Local File Inclusion Vulnerability
openSIS <= 7.4 Incorrect Access Control Vulnerabilities
SuiteCRM <= 7.11.10 Multiple SQL Injection Vulnerabilities
SuiteCRM <= 7.11.11 (add_to_prospect_list) Broken Access Control Vulnerability
SuiteCRM <= 7.11.11 (action_saveHTMLField) Bean Manipulation Vulnerability
SuiteCRM <= 7.11.11 Multiple Phar Deserialization Vulnerabilities
SuiteCRM <= 7.11.11 Second-Order PHP Object Injection Vulnerabilities

+ 2019
YouPHPTube <= 7.7 (getChat.json.php) SQL Injection Vulnerability
SugarCRM <= 9.0.1 Multiple Phar Deserialization Vulnerabilities
SugarCRM <= 9.0.1 Multiple PHP Object Injection Vulnerabilities
SugarCRM <= 9.0.1 Multiple PHP Code Injection Vulnerabilities
SugarCRM <= 9.0.1 Multiple Path Traversal Vulnerabilities
SugarCRM <= 9.0.1 Multiple Broken Access Control Vulnerabilities
SugarCRM <= 9.0.1 Multiple SQL Injection Vulnerabilities
SugarCRM <= 9.0.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
vBulletin <= 5.5.4 (updateAvatar) Remote Code Execution Vulnerability
vBulletin <= 5.5.4 Two SQL Injection Vulnerabilities

+ 2018
SugarCRM (Web Logic Hooks module) Path Traversal Vulnerability
SugarCRM (Web Logic Hooks module) PHP Code Injection Vulnerability
SugarCRM (addLabels) PHP Code Injection Vulnerability
SugarCRM (SaveDropDown) PHP Code Injection Vulnerability
SugarCRM (ConnectorsController) Server-Side Request Forgery Vulnerability
SugarCRM (portal_get_related_notes) SQL Injection Vulnerability
SugarCRM (WorkFlow module) PHP Code Injection Vulnerability
Oracle Application Express (AnyChart) Flash-based Cross-Site Scripting Vulnerability

+ 2017
Tuleap <= 9.6 Second-Order PHP Object Injection Vulnerability
PEAR HTML_AJAX <= 0.5.7 (PHP Serializer) PHP Object Injection Vulnerability

+ 2016
Piwik <= 2.16.0 (saveLayout) PHP Object Injection Vulnerability
Symantec Web Gateway <= 5.2.2 (new_whitelist.php) OS Command Injection Vulnerability
IPS Community Suite <= 4.1.12.3 Autoloaded PHP Code Injection Vulnerability
Concrete5 <= 5.7.3.1 (Application::dispatch) Local File Inclusion Vulnerability
Concrete5 <= 5.7.3.1 Multiple Stored Cross-Site Scripting Vulnerabilities
Concrete5 <= 5.7.3.1 Multiple Cross-Site Request Forgeries Vulnerabilities
SugarCRM <= 6.5.23 (SugarRestSerialize.php) PHP Object Injection Vulnerability
SugarCRM <= 6.5.18 (MySugar::addDashlet) Insecure fopen() Usage Vulnerability
SugarCRM <= 6.5.18 Two PHP Code Injection Vulnerabilities
SugarCRM <= 6.5.18 Missing Authorization Check Vulnerabilities
SugarCRM <= 6.5.18 (SAML Authentication) XML External Entity Vulnerability
Magento <= 1.9.2.2 (RSS Feed) Information Disclosure Vulnerability
CakePHP <= 3.2.0 “_method” CSRF Protection Bypass Vulnerability

+ 2015
Piwik <= 2.14.3 (DisplayTopKeywords) PHP Object Injection Vulnerability
Piwik <= 2.14.3 (viewDataTable) Autoloaded File Inclusion Vulnerability
ATutor <= 2.2 (edit_marks.php) PHP Code Injection Vulnerability
ATutor <= 2.2 (popuphelp.php) Reflected Cross-Site Scripting Vulnerability
ATutor <= 2.2 (confirm.php) Session Variable Overloading Vulnerability
ATutor <= 2.2 (Custom Course Icon) Unrestricted File Upload Vulnerability
Magento <= 1.9.2 (catalogProductCreate) Autoloaded File Inclusion Vulnerability
Concrete5 <= 5.7.4 (Access.php) SQL Injection Vulnerability
Concrete5 <= 5.7.3.1 Multiple Reflected Cross-Site Scripting Vulnerabilities
Concrete5 <= 5.7.3.1 (sendmail) Remote Code Execution Vulnerability

+ 2014
Symantec Web Gateway <= 5.2.1 (restore.php) OS Command Injection Vulnerability
Mantis Bug Tracker <= 1.2.17 (ImportXml.php) PHP Code Injection Vulnerability
GetSimple CMS <= 3.3.4 (api.php) XML External Entity Vulnerability
Osclass <= 3.4.2 (contact.php) Unrestricted File Upload Vulnerability
Osclass <= 3.4.2 (ajax.php) Local File Inclusion Vulnerability
Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability
Tuleap <= 7.6-4 (register.php) PHP Object Injection Vulnerability
TestLink <= 1.9.12 (database.class.php) Path Disclosure Weakness
TestLink <= 1.9.12 (execSetResults.php) PHP Object Injection Vulnerability
X2Engine <= 4.1.7 (FileUploadsFilter.php) Unrestricted File Upload Vulnerability
X2Engine <= 4.1.7 (SiteController.php) PHP Object Injection Vulnerability
OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability
Dotclear <= 2.6.2 (categories.php) SQL Injection Vulnerability
Dotclear <= 2.6.2 (Media Manager) Unrestricted File Upload Vulnerability
Dotclear <= 2.6.2 (XML-RPC Interface) Authentication Bypass Vulnerability
X2Engine <= 3.7.5 (ProfileController.php) Unrestricted File Upload Vulnerability
Open Web Analytics <= 1.5.6 (queue.php) PHP Object Injection Vulnerability
Zikula Application Framework <= 1.3.6 Multiple PHP Object Injection Vulnerabilities
OpenPNE <= 3.8.9 (opSecurityUser.class.php) PHP Object Injection Vulnerability

+ 2013
Sharetronix <= 3.1.1 (AJAX Services) Authentication Bypass Vulnerability
Sharetronix <= 3.1.1 Cross-Site Request Forgery Vulnerability
Sharetronix <= 3.1.1 (signup.php) Two SQL Injection Vulnerabilities
Sharetronix <= 3.1.1 (attachments.php) Unrestricted File Upload Vulnerability
Sharetronix <= 3.1.1 Two PHP Code Injection Vulnerabilities
openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability
Vanilla Forums <= 2.0.18.5 (class.utilitycontroller.php) PHP Object Injection Vulnerability
vtiger CRM <= 5.4.0 (SOAP Services) Authentication Bypass Vulnerability
vtiger CRM <= 5.4.0 (vtigerolservice.php) PHP Code Injection Vulnerability
vtiger CRM <= 5.4.0 (SOAP Services) Multiple SQL Injection Vulnerabilities
vtiger CRM <= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities
Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability
Joomla! <= 3.0.2 (highlight.php) PHP Object Injection Vulnerability
CubeCart <= 5.2.0 (cubecart.class.php) PHP Object Injection Vulnerability
DataLife Engine 9.7 (preview.php) PHP Code Injection Vulnerability

+ 2012
Invision Power Board <= 3.3.4 (core.php) PHP Object Injection Vulnerability
Tiki Wiki CMS Groupware <= 9.2 Multiple PHP Object Injection Vulnerabilities
Tiki Wiki CMS Groupware <= 8.3 Multiple Path Disclosure Weaknesses
SugarCRM <= 6.3.1 Multiple PHP Object Injection Vulnerabilities
OpenConf <= 4.11 (author/edit.php) SQL Injection Vulnerability
WebCalendar <= 1.2.4 (install/index.php) PHP Code Injection Vulnerability
WebCalendar <= 1.2.4 (pref.php) Local File Inclusion Vulnerability
phpFox <= 3.0.1 (module.class.php) OS Command Injection Vulnerability
WordPress Kish Guest Posting <= 1.2 (uploadify.php) Unrestricted File Upload Vulnerability
appRain CMF <= 0.1.5 (uploadify.php) Unrestricted File Upload Vulnerability

+ 2011
Tiki Wiki CMS Groupware <= 8.2 (snarf_ajax.php) PHP Code Injection Vulnerability
Traq <= 2.3 (admincp/common.php) Authentication Bypass / PHP Code Injection Vulnerability
WikkaWiki <= 1.3.2 (actions/usersettings/usersettings.php) SQL Injection Vulnerability
WikkaWiki <= 1.3.2 (actions/files/files.php) Unrestricted File Upload Vulnerability
WikkaWiki <= 1.3.2 (handlers/files.xml/files.xml.php) Path Traversal Vulnerability
WikkaWiki <= 1.3.2 (libs/Wakka.class.php) PHP Code Injection Vulnerability
WikkaWiki <= 1.3.2 Cross-Site Request Forgery Vulnerability
PmWiki <= 2.2.34 (pagelist.php) PHP Code Injection Vulnerability
Support Incident Tracker <= 3.65 (translate.php) PHP Code Injection Vulnerability
Support Incident Tracker <= 3.65 (translate.php) Path Disclosure Weakness
FreeWebshop <= 2.2.9 R2 (ajax_save_name.php) PHP Code Injection Vulnerability
WordPress Zingiri Web Shop <= 2.2.3 (ajax_save_name.php) PHP Code Injection Vulnerability
Zenphoto <= 1.4.1.4 (ajax_create_folder.php) PHP Code Injection Vulnerability
phpMyFAQ <= 2.7.0 (ajax_create_folder.php) PHP Code Injection Vulnerability
aidiCMS v3.55 (ajax_create_folder.php) PHP Code Injection Vulnerability
Ajax File and Image Manager v1.0 (ajax_create_folder.php) PHP Code Injection Vulnerability
eFront <= 3.6.10 (save_template.php) PHP Code Injection Vulnerability
eFront <= 3.6.10 (filesystem.class.php) Unrestricted File Upload Vulnerability
eFront <= 3.6.10 (periodic_updater.php) SQL Injection Vulnerability
eFront <= 3.6.10 (LMSFunctions.php) SQL Injection Vulnerability
eFront <= 3.6.10 (send_notifications.php) SQL Injection Vulnerability
eFront <= 3.6.10 (index.php) Authentication Bypass / Privilege Escalation Vulnerability
eFront <= 3.6.10 (student.php) PHP Code Injection Vulnerability
phpLDAPadmin <= 1.2.1.1 (lib/functions.php) PHP Code Injection Vulnerability
Dolphin <= 7.0.7 (member_menu_queries.php) PHP Code Injection Vulnerability
Feed on Feeds <= 0.5 (fof-main.php) PHP Code Injection Vulnerability
JAKCMS PRO <= 2.2.5 (session.php) Session Variable Overloading Vulnerability
JAKCMS PRO <= 2.2.5 (action.php) Unrestricted File Upload Vulnerability
WeBid <= 1.0.2 (feedback.php) SQL Injection Vulnerability
WeBid <= 1.0.2 (logout.php) SQL Injection Vulnerability
WeBid <= 1.0.2 (user_login.php) SQL Injection Vulnerability
WeBid <= 1.0.2 (includes/converter.inc.php) PHP Code Injection Vulnerability
WeBid <= 1.0.2 (includes/messages.inc.php) Local File Inclusion Vulnerability

+ 2010
RoSPORA <= 1.5.0 (index.php) PHP Code Injection Vulnerability

+ 2009
QuiXplorer <= 2.3.2 (init.php) Local File Inclusion Vulnerability
TinyWebGallery <= 1.7.6 (init.php) Local File Inclusion Vulnerability
LightBlog <= 9.9.2 (register.php) PHP Code Injection Vulnerability
LightBlog <= 9.9.2 (check_user.php) Authentication Bypass / Local File Inclusion Vulnerability
Dokeos LMS <= 1.8.5 (tablesort.lib.php) PHP Code Injection Vulnerability
Lanius CMS <= 0.5.2 (upload.php) Unrestricted File Upload Vulnerability
PHPizabi v0.848b (modules/interact/file.php) Unrestricted File Upload Vulnerability

+ 2008
Nuke ET <= 3.4 (FCKEditor) Unrestricted File Upload Vulnerability
Mantis Bug Tracker <= 1.1.3 (utility_api.php) PHP Code Injection Vulnerability
PhpWebGallery <= 1.7.2 (comments.php) SQL Injection Vulnerability
PhpWebGallery <= 1.7.2 (event_list.php) PHP Code Injection Vulnerability
phpScheduleIt <= 1.2.11 (check.php) Multiple PHP Code Injection Vulnerabilities
phpScheduleIt <= 1.2.10 (reserve.php) Multiple PHP Code Injection Vulnerabilities
GdPicture Pro Imaging SDK <= 5.7.1 (gdpicturepro5s.ocx) Arbitrary File Overwrite Vulnerability
GdPicture Light Imaging Toolkit <= 4.7.1 (gdpicture4s.ocx) Arbitrary File Overwrite Vulnerability
PHP iCalendar <= 2.24 (admin/index.php) Unrestricted File Upload Vulnerability
Coppermine Photo Gallery <= 1.4.18 (include/functions.inc.php) Local File Inclusion Vulnerability
Coppermine Photo Gallery <= 1.4.18 (themes/sample/theme.php) Path Disclosure Weakness
Seagull PHP Framework <= 0.6.4 (FCKEditor) Unrestricted File Upload Vulnerability
PHPmotion <= 2.0 (update_profile.php) Unrestricted File Upload Vulnerability
PHPmotion <= 2.0 (play.php) SQL Injection Vulnerability
Flux CMS <= 1.5.0 (loadsave.php) Arbitrary File Overwrite Vulnerability
Achievo <= 1.3.2 (FCKEditor) Unrestricted File Upload Vulnerability
CMS from Scratch <= 1.1.3 (FCKEditor) Unrestricted File Upload Vulnerability
MercuryBoard <= 1.1.5 (func/login.php) SQL Injection Vulnerability
La-Nai CMS <= 1.2.16 (FCKEditor) Unrestricted File Upload Vulnerability
CMS Made Simple <= 1.2.4 (javaUpload.php) Unrestricted File Upload Vulnerability
DeluxeBB <= 1.2 (forums.php) SQL Injection Vulnerability
DeluxeBB <= 1.2 (admincp.php) PHP Code Injection Vulnerability
FLABER <= 1.1 (function/update_xml.php) Arbitrary File Overwrite Vulnerability
Drake CMS <= 0.4.11 (components/guestbook/guestbook.php) SQL Injection Vulnerability
Docebo <= 3.5.0.3 (doceboCore/lib/lib.regset.php) SQL Injection Vulnerability
Docebo <= 3.5.0.3 Multiple Path Disclosure Weaknesses
Site@School <= 2.3.10 (slideshow_full.php) SQL Injection Vulnerability

+ 2007
CMS Made Simple <= 1.2.2 (content_css.php) SQL Injection Vulnerability
ZeusCMS <= 0.3 (security.php) SQL Injection Vulnerability
ZeusCMS <= 0.3 (image_viewer.php) Information Disclosure Weakness
PMOS Help Desk <= 2.4 (form.php) PHP Code Injection Vulnerability
eSyndiCat Link Exchange Script (suggest-link.php) SQL Injection Vulnerability
Php-Stats 0.1.9.2 (php-stats.recjs.php) Multiple SQL Injection Vulnerabilities
Php-Stats 0.1.9.2 Multiple PHP Code Injection Vulnerabilities
LinPHA <= 1.3.1 (new_images.php) SQL Injection Vulnerability