724 matches found
CVE-2025-15143
CVE-2025-15143 affects EyouCMS up to 1.7.6. The vulnerability is in /application/admin/logic/FilemanagerLogic.php (Backend Template Management) where the manipulation of the content parameter enables SQL injection. Exploitation can be remote, and an exploit has been publicly released. The vendor ...
EyouCMS SQL Injection Vulnerability
EyouCMS is an open source content management system (CMS) based on ThinkPHP, by Eyou of China. EyouCMS 1.7.6 and earlier versions contain a SQL injection vulnerability that stems from improper handling of the content parameter in the file /application/admin/logic/FilemanagerLogic.php,...
CVE-2025-51511
Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads...
GHSA-QX44-P258-3C2V Cadmium CMS has a background arbitrary file upload vulnerability
Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads...
CVE-2025-51511
Cadmium CMS v0.4.9 is affected by a background arbitrary file upload vulnerability at /admin/content/filemanager/uploads. The issue allows an attacker to upload crafted files via that endpoint, with potential to upload malicious files and even execute arbitrary code according to Snyk’s descriptio...
CVE-2024-58279
appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...
EUVD-2024-55319
appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...
Arbitrary File Upload
Overview: Affected versions of this package are vulnerable to Arbitrary File Upload via the filemanager upload endpoint. An attacker can execute arbitrary code on the server by uploading a crafted PHP file through authenticated access. Remediation: There is no fixed version for apprain/apprain...
CVE-2024-58279
CVE-2024-58279 affects appRain CMF 4.0.5. An authenticated administrator can upload a crafted PHP file via the filemanager/upload endpoint, leading to remote code execution and the potential formation of a web shell with command execution in the uploads directory. Multiple connected sources corro...
CVE-2024-58279 appRain CMF 4.0.5 Authenticated Remote Code Execution via Filemanager Upload
appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...
Rich Filemanager Security Vulnerability
Rich Filemanager is a file manager by an individual developer, Pavel. A security vulnerability exists in Rich Filemanager v2.7.6: the /php/UploadHandler.php component is vulnerable to an arbitrary file upload attack, which could lead to the execution of arbitrary code...
CVE-2025-64265 WordPress Frontend File Manager plugin <= 23.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in N-Media Frontend File Manager nmedia-user-file-uploader allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frontend File Manager: from n/a through <= 23.2...
Linanto Control Web Panel (CWP) < 0.9.8.1205 Command Injection (CVE-2025-48703)
The version of Linanto Control Web Panel (CWP), a web-based control panel application, installed on the remote host is prior to 0.9.8.1205. It is, therefore, affected by a remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. Note that Nessus ha...
CWP Control Web Panel OS Command Injection Vulnerability
CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the ttotal parameter in a filemanager changePerm request. A valid non-root username must be known...
EUVD-2018-7372
Malware in sbrugna...
EUVD-2009-2395
Malware in sbrugna...
EUVD-2019-2897
Malware in sbrugna...
EUVD-2004-2039
Malware in sbrugna...
EUVD-2017-6398
Malware in sbrugna...
EUVD-2006-1375
Malware in sbrugna...