19 matches found
CVE-2020-37054
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without...
CVE-2020-37054
Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrators into executing arbitrary file uploads by leveraging the extension upload functionality without...
CVE-2020-37054
Navigate CMS 2.8.7 is affected by a cross-site request forgery that enables attackers to upload malicious extensions via the extension upload feature. The underlying issue allows an attacker to trick authenticated administrators into executing arbitrary file uploads through a crafted HTML page, u...
PT-2026-5491
Name of the Vulnerable Software and Affected Versions: Navigate CMS version 2.8.7. Description: Navigate CMS 2.8.7 is susceptible to a cross-site request forgery condition. This allows attackers to upload malicious extensions through a specially crafted HTML page. An attacker can deceive authenticat...
CVE-2025-66022
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote cod...
CVE-2025-66022 FACTION Unauthenticated Custom Extension Upload leads to RCE
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to version 1.7.1, an extension execution path in Faction’s extension framework permits untrusted extension code to execute arbitrary system commands on the server when a lifecycle hook is invoked, resulting in remote cod...
EUVD-2022-5664
Malicious code in bioql PyPI...
OpenCart Path Traversal
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name containing 10 rand...
WordPress plugin Download Manager Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue exists in WordPress plugin...
Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications. Exploit Title: Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin) Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link:...
Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Navigate CMS 2.8.7 - Cross-Site Request Forgery (Add Admin) Date: 2020-06-04 Exploit Author: Gus Ralph Vendor Homepage: https://www.navigatecms.com/en/home Software Link: https://sourceforge.net/projects/navigatecms/files/releases/navigate-2.8.7r1401.zip/download Version: 2.8.7 Teste...
CVE-2019-16514
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server...
Directory traversal
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name containing 10 rand...
CVE-2018-11494
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name containing 10 rand...
CVE-2018-11494
The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove step is skipped, because the attacker can discover a secret temporary directory name containing 10 rand...
PhpCollab Arbitrary Code Execution Vulnerability
phpCollab is a Chinese plug-in support for project development management software. An arbitrary code execution vulnerability exists in PhpCollab. An attacker can execute arbitrary code by uploading a file with an executable extension...
SugarCRM Incomplete Blacklist Vulnerability
SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. An incomplete...
EggBlog 4.1.1 - Local Directory Traversal
!/usr/bin/perl eggBlog agent'Lynx textmode'; $lib-timeout5; $response = $lib-get"http://$domain/lib/openwysiwyg/addons/imagelibrary/selectimage.php?dir=$param"; @director = $response-content = /.+?/ig;...
CVE-2007-6642
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote attackers to (1) add a Super Admin, (2) upload an extension containing arbitrary PHP code, and (3) modify the configuration as administrators via unspecified vectors...