CVE-2021-47978 | ProcessMaker up to 3.5.4 filename control (Exploit 50229)

Inserito da Angelo Barbosa | Mag 16, 2026 | CVE

A vulnerability was found in ProcessMaker up to 3.5.4. It has been classified as problematic. Impacted is an unknown function. This manipulation causes improper control of filename for include/require statement in php program (‘php remote file inclusion’).

The identification of this vulnerability is CVE-2021-47978. The attack can only be executed locally. Furthermore, there is an exploit available.

CVE-2021-47978 | ProcessMaker up to 3.5.4 filename control (Exploit 50229)

Post correlati

CVE-2024-7423 | xwp Stream Plugin up to 4.0.1 on WordPress network_options_action cross-site request forgery

CVE-2024-26138 | xwikisas application-licensing up to 1.24.1 authorization

CVE-2025-40733 | Daily Expense Manager 1.0 /login.php Username cross site scripting

CVE-2024-29905 | DIRACGrid DIRAC up to 8.0.40 /tmp/x509up_uNNNN exposure of resource