Lucene search
K

200 matches found

ptsecurity
ptsecurity
added 2026/01/23 12:0 a.m.9 views

PT-2026-4504

Name of the Vulnerable Software and Affected Versions Textpattern versions prior to 4.8.3 Description Textpattern allows authenticated users to upload malicious PHP files, leading to remote code execution. An attacker can upload a PHP file containing a shell command execution payload and then...

8.8CVSS6.5AI score0.00602EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/01/23 12:0 a.m.10 views

PT-2026-4517

Name of the Vulnerable Software and Affected Versions PhreeBooks version 5.2.3 Description PhreeBooks version 5.2.3 has a flaw in the Image Manager related to file uploads. An authenticated attacker can upload a malicious PHP web shell due to unrestricted file type uploads, potentially leading to...

8.8CVSS6.4AI score0.00614EPSS
Exploits0References7
osv
osv
added 2026/01/13 11:15 p.m.3 views

CVE-2022-50898

NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper...

8.6CVSS6.6AI score0.01112EPSS
Exploits1References4
cve
cve
added 2026/01/13 10:51 p.m.21 views

CVE-2022-50898

NanoCMS 0.4 is affected by an authenticated file upload vulnerability that enables remote code execution through the page content creation feature. The root cause is lack of input sanitization when uploading PHP files to the server’s pages directory, which can be exploited after authentication. R...

8.8CVSS8AI score0.01112EPSS
Exploits1References4Affected Software1
cnnvd
cnnvd
added 2026/01/13 12:0 a.m.4 views

WBCE CMS 代码问题漏洞

WBCE CMS is WBCE CMS open source an open source content management system CMS based on PHP and MySQL. A code issue vulnerability exists in WBCE CMS version 1.5.2, which originates from an authenticated attacker who can upload a malicious droplet via the admin panel, potentially leading to remote...

8.8CVSS6.2AI score0.00785EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/01/13 12:0 a.m.6 views

PT-2026-2374

NanoCMS 0.4 contains an authenticated file upload vulnerability that allows remote code execution through unvalidated page content creation. Authenticated attackers can upload PHP files with arbitrary code to the server's pages directory by exploiting the page creation mechanism without proper...

8.8CVSS8.3AI score0.01112EPSS
Exploits1References5
cnnvd
cnnvd
added 2026/01/12 12:0 a.m.6 views

emlog 代码问题漏洞

emlog is emlog open source PHP and MySQL based CMS site building system . emlog v2.6.1 and previous versions of the code problem vulnerability , the vulnerability stems from the REST API endpoints do not implement proper validation of file types , extensions and content , which could lead to an...

9.3CVSS7.8AI score0.00627EPSS
Exploits1References2
githubexploit
githubexploit
added 2026/01/11 7:48 p.m.537 views

SweetRice-CMS-1.5.1-RCE-Exploit

SweetRice CMS 1.5.1 RCE Exploit Overview SweetRice CMS 1.5...

7.8AI score
Exploits0
euvd
euvd
added 2026/01/05 8:18 a.m.6 views

EUVD-2026-0902

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

8.8CVSS7.8AI score0.00437EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/12/22 7:21 a.m.8 views

CVE-2023-53952

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

8.8CVSS8.6AI score0.00969EPSS
Exploits1References1
nvd
nvd
added 2025/12/19 9:15 p.m.5 views

CVE-2023-53956

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server...

8.8CVSS0.00663EPSS
Exploits0References3
cvelist
cvelist
added 2025/12/19 9:5 p.m.26 views

CVE-2023-53956 Flatnux 2021-03.25 Authenticated File Upload Remote Code Execution

Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server...

8.8CVSS0.00663EPSS
Exploits0References3
nvd
nvd
added 2025/12/18 8:15 p.m.6 views

CVE-2023-53942

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...

9.4CVSS0.00497EPSS
Exploits1References3
cve
cve
added 2025/12/18 7:53 p.m.12 views

CVE-2023-53942

CVE-2023-53942 affects File Thingie 2.5.7. The issue is an authenticated file upload vulnerability: attackers can upload PHP zip archives, unzip them, and execute arbitrary system commands via a crafted PHP script with a command parameter. PT-2025-52321 notes the vulnerability requires minimal au...

9.4CVSS7.4AI score0.00497EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2025/12/18 7:53 p.m.27 views

CVE-2023-53942 File Thingie 2.5.7 Authenticated Arbitrary File Upload Remote Code Execution

File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom PHP payload, upload and unzip it, and then execute arbitrary system commands through a crafted PHP script with ...

9.4CVSS0.00497EPSS
Exploits1References3
cnnvd
cnnvd
added 2025/12/18 12:0 a.m.3 views

File Thingie 安全漏洞

File Thingie is a file manager by the individual developer Frances Leese. A security vulnerability exists in File Thingie version 2.5.7, which stems from an authenticated file upload vulnerability that could lead to the execution of arbitrary system commands...

9.4CVSS6.9AI score0.00497EPSS
Exploits1References3
osv
osv
added 2025/12/17 6:31 p.m.7 views

GHSA-M4F2-XPFQ-H97V Pagekit CMS is vulnerable to OS Command Injection via Storage component

An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. The project is archived as of December 1, 2023...

9.9CVSS7.7AI score0.0045EPSS
Exploits1References3
github
github
added 2025/12/17 6:31 p.m.8 views

Pagekit CMS is vulnerable to OS Command Injection via Storage component

An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file. The project is archived as of December 1, 2023...

9.9CVSS7.9AI score0.0045EPSS
Exploits1References3Affected Software1
redhatcve
redhatcve
added 2025/12/17 12:55 a.m.8 views

CVE-2025-66449

ConvertXis a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...

8.8CVSS7.6AI score0.00673EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/12/17 12:0 a.m.3 views

CVE-2025-67164

An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file...

7.4AI score0.0045EPSS
Exploits1References1
Rows per page
Query Builder