33 matches found
PT-2026-6822
Name of the Vulnerable Software and Affected Versions: eLection version 2.0 Description: The software contains an authenticated SQL injection issue in the candidate management endpoint. Attackers can manipulate database queries through the id parameter. Exploitation can be performed using SQLMap,...
CVE-2021-47758 Chikitsa Patient Management System 2.0.2 - Remote Code Execution (RCE) (Authenticated)
Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables...
Hundred Plus EIP Plus Code Issue Vulnerability
Hundred Plus EIP Plus is an enterprise management software from Hundred Plus Ares Hundred Plus of Taiwan, China. Hundred Plus EIP Plus suffers from a code issue vulnerability that originates from allowing a privileged remote attacker to upload and execute a web backdoor that could lead to the...
EUVD-2012-6583
Malware in sbrugna...
EUVD-2022-15771
Malicious code in bioql PyPI...
EUVD-2021-34083
Malicious code in bioql PyPI...
CVE-2025-56295
code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions...
CVE-2012-10042 Sflog! CMS 1.0 Arbitrary File Upload RCE
Sflog! CMS 1.0 contains an authenticated arbitrary file upload vulnerability in the blog management interface. The application ships with default credentials admin:secret and allows authenticated users to upload files via manage.php. The upload mechanism fails to validate file types, enabling...
PT-2025-32395 · Unknown · Sflog! Cms
Name of the Vulnerable Software and Affected Versions: Sflog! CMS version 1.0 Description: Sflog! CMS version 1.0 contains an authenticated arbitrary file upload issue in the blog management interface. The application includes default credentials admin:secret and permits authenticated users to...
CVE-2013-1916
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not yet been approved...
flatCore 1.5.5 Shell Upload
flatCore version 1.5.5 suffers from a remote shell upload vulnerability. Exploit Title: flatCore Arbitrary .php File Upload via acp/acp.php Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/flatCore/flatCore-CMS Software Link: https://github.com/flatCore/flatCore-CMS...
MagnusBilling 6.x Code Injection
Title: MagnusBilling 6.x Code Injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.2 64 bit...
FeehiCMS Code Issue Vulnerability
FeehiCMS is a content management system (CMS) based on the Yii2 framework, aiming to provide Yii2 enthusiasts with a full-featured CMS so that developers can focus more on the development of business functions. A security vulnerability exists in FeehiCMS. The vulnerability is related to the...
Cross-Site Scripting (XSS) vulnerabilities in Neos
It has been discovered that Neos is vulnerable to several XSS attacks. Through these vulnerabilities, an attacker could tamper with page rendering, redirect victims to a fake login page, or capture user credentials such as cookies. With the potential backdoor upload an attacker could gain access ...
PT-2024-40122 · Neos · Neos
Name of the Vulnerable Software and Affected Versions: Neos versions 2.0.x Description: The issue allows for several XSS attacks, enabling an attacker to tamper with page rendering, redirect victims to a fake login page, or capture user credentials. An attacker could also gain access to the serve...
Code injection
BlackVue DR750-2CH LTE v.1.0122022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution...
Remote Command Execution Vulnerability in Zhiyuan A8+ Collaboration Management Software
Zhiyuan Internet is a provider of collaboration management software and cloud services in China, specializing in the field of collaboration management software. A remote command execution vulnerability exists in Zhiyuan A8+ collaboration management software. An attacker can Getshell the target...
Command Execution Vulnerability in PHPSHE B2C Mall System v1.5
PHPSHE online shopping mall system provides users with a low-cost, high-efficiency online shopping mall construction program. A command execution vulnerability exists in PHPSHE B2C Mall System v1.5. Attackers can use this vulnerability to execute commands, such as arbitrarily deleting files,...
Liyang Jinlong Network Service Co., Ltd. website building system has XSS and unauthorized access vulnerabilities
Liyang Jinlong Network Service Co., Ltd. is a brand network company integrating creativity, planning, service and sales. There are XSS and unauthorized access vulnerabilities in the website building system of Liyang Golden Dragon Network Service Co. Attackers can use this vulnerability to insert XSS cross-site code in the message...