200 matches found
PT-2026-4504
Name of the Vulnerable Software and Affected Versions Textpattern versions prior to 4.8.3 Description Textpattern allows authenticated users to upload malicious PHP files, leading to remote code execution. An attacker can upload a PHP file containing a shell command execution payload and then...
PT-2026-4517
Name of the Vulnerable Software and Affected Versions PhreeBooks version 5.2.3 Description PhreeBooks version 5.2.3 has a flaw in the Image Manager related to file uploads. An authenticated attacker can upload a malicious PHP web shell due to unrestricted file type uploads, potentially leading to...
CVE-2022-50898
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper...
CVE-2022-50898
NanoCMS 0.4 is affected by an authenticated file upload vulnerability that enables remote code execution through the page content creation feature. The root cause is lack of input sanitization when uploading PHP files to the server’s pages directory, which can be exploited after authentication. R...
WBCE CMS 代码问题漏洞
WBCE CMS is WBCE CMS open source an open source content management system CMS based on PHP and MySQL. A code issue vulnerability exists in WBCE CMS version 1.5.2, which originates from an authenticated attacker who can upload a malicious droplet via the admin panel, potentially leading to remote...
PT-2026-2374
NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper...
emlog 代码问题漏洞
emlog is emlog open source PHP and MySQL based CMS site building system . emlog v2.6.1 and previous versions of the code problem vulnerability , the vulnerability stems from the REST API endpoints do not implement proper validation of file types , extensions and content , which could lead to an...
SweetRice-CMS-1.5.1-RCE-Exploit
SweetRice CMS 1.5.1 RCE Exploit Overview SweetRice CMS 1.5...
EUVD-2026-0902
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2023-53952
Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...
CVE-2023-53956
Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server...
CVE-2023-53956 Flatnux 2021-03.25 Authenticated File Upload Remote Code Execution
Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server...
CVE-2023-53942
File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...
CVE-2023-53942
CVE-2023-53942 affects File Thingie 2.5.7. The issue is an authenticated file upload vulnerability: attackers can upload PHP zip archives, unzip them, and execute arbitrary system commands via a crafted PHP script with a command parameter. PT-2025-52321 notes the vulnerability requires minimal au...
CVE-2023-53942 File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution
File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...
File Thingie 安全漏洞
File Thingie is a file manager by the individual developer Frances Leese. A security vulnerability exists in File Thingie version 2.5.7, which stems from an authenticated file upload vulnerability that could lead to the execution of arbitrary system commands...
GHSA-M4F2-XPFQ-H97V Pagekit CMS is vulnerable to OS Command Injection via Storage component
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. The project is archived as of December 1, 2023...
Pagekit CMS is vulnerable to OS Command Injection via Storage component
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. The project is archived as of December 1, 2023...
CVE-2025-66449
ConvertXis a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...
CVE-2025-67164
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file...