
708 matches found

OSV
added 2021/09/15 2:15 p.m. | 12 views

CVE-2020-19147

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'getFolder' function in the component '/modules/filemanager/FileManager.java'...

CVSS 6.5 | AI score 6.8
Exploits: 0 | References: 1

Prion
added 2021/09/15 2:15 p.m. | 9 views

Command injection

Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinalcms/admin/filemanager/list'...

CVSS 6.5 | AI score 9.1 | EPSS 0.01725
Exploits: 1 | References: 1 | Affected Software: 1

Prion
added 2021/09/15 2:15 p.m. | 11 views

Improper access control

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile' function in the component 'modules/filemanager/FileManagerController.java'...

CVSS 4 | AI score 6.3 | EPSS 0.00128
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2021/09/15 1:52 p.m. | 13 views

CVE-2020-19154

Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile' function in the component 'modules/filemanager/FileManagerController.java'...

AI score 6.4 | EPSS 0.00128
Exploits: 1 | References: 1

CNNVD
added 2021/09/15 12:0 a.m. | 1 view

Jfinal CMS Path Traversal Vulnerability

Jfinal CMS is a powerful information consulting website developed in java, using JFinal as the web framework, template engine with beetl, database with mysql, front-end bootstrap framework. jfinal CMS 4.7.1 and earlier versions have improper access control vulnerabilities. An attacker could use t...

CVSS 6.5 | AI score 5.6 | EPSS 0.00128
Exploits: 1 | References: 2

OSV
added 2021/08/19 7:15 p.m. | 1 view

CVE-2020-20642

Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn...

CVSS 8.8 | AI score 7.4 | EPSS 0.00104
Exploits: 1 | References: 1

Cvelist
added 2021/08/19 6:1 p.m. | 13 views

CVE-2020-20642

Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn...

AI score 9 | EPSS 0.00104
Exploits: 1 | References: 1

CVE
added 2021/08/19 6:1 p.m. | 46 views

CVE-2020-20642

CVE-2020-20642: CSRF vulnerability in EyouCMS 1.3.6 allows adding an HTML page to execute JavaScript via login.php?m=admin&c=Filemanager&a=newfile&lang=cn. Affected product is EyouCMS (ThinkPHP-based). Root cause: cross-site request forgery enabling unauthorized page creation; exact exploit path ...

CVSS 8.8 | AI score 8.9 | EPSS 0.00104
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2021/08/05 12:0 a.m. | 1 view

Tecnick.com TCExam Cross-Site Scripting Vulnerability

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is primarily used for online exams, among other things. A security vulnerability exists in Tecnick.com TCExam, which stems from a reflected cross-site scripting vulnerability in TCExam prior to version...

CVSS 6.1 | AI score 6 | EPSS 0.00264
Exploits: 1 | References: 1

CNNVD
added 2021/08/05 12:0 a.m. | 2 views

Tecnick.com TCExam Cross-Site Scripting Vulnerability

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is primarily used for online exams, among other things. A security vulnerability exists in Tecnick.com TCExam, which stems from a reflected cross-site scripting vulnerability in TCExam prior to version...

CVSS 6.1 | AI score 6 | EPSS 0.00264
Exploits: 1 | References: 1

OSV
added 2021/07/30 2:15 p.m. | 9 views

CVE-2021-20111

A stored cross-site scripting vulnerability exists in TCExam = 14.8.1. Valid files uploaded via tcefilemanager.php with a filename beginning with a period will be rendered as text/html. An attacker with access to tcefilemanager.php could upload a malicious JavaScript payload which would be...

CVSS 5.4 | AI score 5.9
Exploits: 0 | References: 1

CNNVD
added 2021/07/22 12:0 a.m. | 1 view

Tecnick.com TCExam Cross-Site Scripting Vulnerability

Tecnick.com TCExam is a Web-based open source e-exam system from Tecnick.com, UK. The system is primarily used for online exams, among other things. TCExam suffers from a cross-site scripting vulnerability that originates. The vulnerability exists due to insufficient validation of user-supplied...

CVSS 5.4 | AI score 5.8 | EPSS 0.00206
Exploits: 1 | References: 3

OSV
added 2021/01/19 8:50 p.m. | 12 views

GHSA-QPGW-2C72-4C89 Mautic users able to download any files from server using filemanager

Impact: Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user (session must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to. Patches: Update to 2.12.0 or later. Workarounds: None. For more information: If y...

CVSS 6.5 | AI score 6.4 | EPSS 0.00344
Exploits: 1 | References: 4

Github Security Blog
added 2021/01/19 8:50 p.m. | 49 views

Mautic users able to download any files from server using filemanager

Impact: Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user (session must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to. Patches: Update to 2.12.0 or later. Workarounds: None. For more information: If y...

CVSS 6.5 | AI score 3 | EPSS 0.00344
Exploits: 1 | References: 5 | Affected Software: 1

Packet Storm
added 2021/01/05 12:0 a.m. | 379 views

Responsive FileManager 9.13.4 Path Traversal

Exploit Title: Responsive FileManager 9.13.4 - 'path' Path Traversal Date: 12/12/2018 PoC Date: 04/01/2020 Auto Exploit Exploit Author: SunCSR Sun Cyber Security Research Google Dork: intitle:"Responsive FileManager 9.x.x" Vendor Homepage: http://responsivefilemanager.com/ Software Link:...

AI score 7.4
Exploits: 0

Metasploit
added 2020/12/08 5:41 p.m. | 34 views

FlexDotnetCMS Arbitrary ASP File Upload

This module exploits an arbitrary file upload vulnerability in FlexDotnetCMS v1.5.8 and prior in order to execute arbitrary commands with elevated privileges. The module first tries to authenticate to FlexDotnetCMS via an HTTP POST request to /login. It then attempts to upload a random TXT file a...

CVSS 8.8 | AI score 8.7 | EPSS 0.77946
Exploits: 3

CNVD
added 2020/12/05 12:0 a.m. | 1 view

WordPress WP-FileManager Remote Code Execution Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A remote code execution vulnerability exists in WordPress WP-FileManager. An attacker can...

AI score 8.1
Exploits: 0 | References: 1

Packet Storm
added 2020/12/02 12:0 a.m. | 447 views

WordPress WP-FileManager 6.8 Remote Code Execution

Exploit Title: WordPress Plugin Wp-FileManager 6.8 - RCE | Date: September 4, 2020 | Exploit Author: Mansoor R @time4ster | Version Affected: 6.0 to 6.8 | Vendor URL: https://wordpress.org/plugins/wp-file-manager/ | Patch: Upgrade to wp-file-manager 6.9 | Tested on: wp-file-manager 6.0...

AI score 7.4
Exploits: 0

Metasploit
added 2020/11/13 5:41 p.m. | 39 views

HorizontCMS Arbitrary PHP File Upload

This module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request to /admin/file-manager/fileupload. The serv...

CVSS 8.8 | AI score 9.3 | EPSS 0.70322
Exploits: 4

Packet Storm
added 2020/11/13 12:0 a.m. | 518 views

HorizontCMS 1.0.0-beta Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HorizontCMS Arbitrary PHP File Upload', 'Description' = %q This module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta ...

CVSS 6.5 | AI score 0.2 | EPSS 0.70322
Exploits: 4