#arbitrary-file-upload

from The Hacker News
2 days ago

FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE

CVE-2025-61675 (CVSS score: 8.6) - Numerous authenticated SQL injection vulnerabilities impacting four unique endpoints (basestation, model, firmware, and custom extension) and 11 affected parameters that enable read and write access to the underlying SQL database

CVE-2025-61678 (CVSS score: 8.6) - An authenticated arbitrary file upload vulnerability that allows an attacker to exploit the firmware upload endpoint to upload a PHP web shell after obtaining a valid PHPSESSID and run arbitrary commands to leak the contents of sensitive files (e.g., "/etc/passwd")
Information security
Web development
from The Hacker News
6 months ago

Over 100,000 WordPress Sites at Risk from Critical CVSS 10.0 Vulnerability in Wishlist Plugin

A critical unpatched vulnerability in the TI WooCommerce Wishlist plugin allows unauthenticated attackers to upload arbitrary files.