Authentication Bypass

php-horde-gollem is vulnerable to authentication bypass. The File Manager gollem module allows remote attackers to bypass Horde authentication for file downloads via a malicious fn parameter that corresponds to the exact filename...

CMS Made Simple 2.2.15 Cross Site Scripting

Exploit Title: CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload Authenticated Date: 04/12/2020 Exploit Author: Eshan Singh Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads Version: cmsms v2.2.15 Tested on: Windows/Kali...

WordPress Plugin Wp-FileManager 6.8 - RCE

Exploit Title: WordPress Plugin Wp-FileManager 6.8 - RCE Date: September 4,2020 Exploit Author: Mansoor R @time4ster CVE: CVE-2020-25213 Version Affected: 6.0 to 6.8 Vendor URL: https://wordpress.org/plugins/wp-file-manager/ Patch: Upgrade to wp-file-manager 6.9 or above Tested on: wp-file-manage...

WordPress Secure File Manager plugin <= 2.5 - Authenticated Remote Command Execution (RCE) vulnerability

Authenticated Remote Command Execution RCE vulnerability found by NinTechNet in WordPress Secure File Manager plugin versions = 2.5. Solution The plugin has been removed from the wordpress.org plugin repository. We highly recommend deleting this plugin from your WordPress sites. wordpress.org...

Secure File Manager < 2.8.2 - Authenticated Remote Command Execution

The Secure File Manager uses the elFinder libraries in an insecure way, allowing authenticated users to execute arbitrary file management commands. v2.6 attempted to fix the issue by adding a CSRF nonce, however the nonce is displayed for all users in the Dashboard via the Secure File Manager men...

Secure File Manager < 2.8.2 - Authenticated Remote Command Execution

The Secure File Manager uses the elFinder libraries in an insecure way, allowing authenticated users to execute arbitrary file management commands. v2.6 attempted to fix the issue by adding a CSRF nonce, however the nonce is displayed for all users in the Dashboard via the Secure File Manager men...

HorizontCMS 1.0.0-beta Shell Upload Exploit

This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request to /admin/file-manager/fileuploa...

Metasploit Wrap-Up

SaltStack RCE wvu-r7 added an exploit module that targets SaltStack’s Salt software. Specifically, the module exploits both an authentication bypass CVE-2020-25592 and a command injection vulnerability CVE-2020-16846 in SaltStack’s REST API to get code execution as root through Salt’s SSH client ...

WordPress File Manager Unauthenticated Remote Code Execution

The File Manager wp-file-manager plugin from 6.0 to 6.8 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or mkfile...

WordPress File Manager 6.8 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress File Manager Unauthenticated Remote Code Execution', 'Description' = %q The File Manager wp-file-manager plugin from 6.0 to 6.8 for...

WordPress File Manager 6.8 Remote Code Execution Exploit

The WordPress File Manager wp-file-manager plugin versions 6.0 through 6.8 allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload or...

PT-2020-16680 · Horizontcms · Horizontcms

Name of the Vulnerable Software and Affected Versions: HorizontCMS versions prior to 1.0.0-beta patched, but version number remains the same Description: The issue allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code. This is achieved by...

Wordpress EZ-done File Manager Remote File Upload Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A remote file upload vulnerability exists in Wordpress EZ-done File Manager. An attacker ca...

File Manager Plugin for WordPress < 6.5 Sensitive File Disclosure

The WordPress File Manager Plugin installed on the remote host is affected by a sensitive file disclosure vulnerability. An unauthenticated user could browse and download any site backups. Note that the scanner has not tested for these issues but has instead relied only on the application's...

CVE-2019-14719

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager...

CVE-2019-14719

CVE-2019-14719 affects Verifone MX900 series Pinpad Payment Terminals running OS 30251000, where the file manager enables multiple arbitrary command injections due to the underlying issue described in the CVE. The vulnerability is documented with local attack vector and high impact on confidentia...

CVE-2019-14719

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager...

CS-Cart 1.3.3 - authenticated RCE

Exploit Title: CS-Cart authenticated RCE Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.3 Vulnerability Type: authenticated RCE get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell edit ...

CS-Cart 1.3.3 Remote Code Execution

Exploit Title: CS-Cart authenticated RCE Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.3 Vulnerability Type: authenticated RCE get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell edit ...

File Upload Vulnerability in FastAdmin Fileix File Manager Backend

FastAdmin Fileix file manager is webix based file manager build, Fileix has an intuitive interface that allows you to work with any of your files or folders. A file upload vulnerability exists in the backend of FastAdmin Fileix File Manager. An attacker can exploit this vulnerability to upload...