37 matches found

ATTACKERKB
added 2026/01/15 3:52 p.m., 4 views

CVE-2021-47758

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables...

CVSS 8.8, AI score 6.7, EPSS 0.00852
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2026/01/15 3:52 p.m., 9 views

CVE-2021-47758

Chikitsa Patient Management System 2.0.2 is affected by an authenticated remote code execution (RCE) vulnerability exposed via the module upload function. An authenticated attacker can upload a ZIP plugin containing a PHP backdoor, enabling arbitrary command execution on the server through a weap...

CVSS 8.8, AI score 8, EPSS 0.00852
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2026/01/15 3:52 p.m., 2 views

EUVD-2026-2775

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables...

CVSS 8.8, AI score 7.8, EPSS 0.00852
Exploits: 1, References: 7

Cvelist
added 2026/01/15 3:52 p.m., 18 views

CVE-2021-47758 Chikitsa Patient Management System 2.0.2 - Remote Code Execution (RCE) (Authenticated)

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables...

CVSS 8.8, EPSS 0.00852
Exploits: 1, References: 4

CNNVD
added 2026/01/15 12:0 a.m., 1 view

Chikitsa code vulnerabilities

Chikitsa is a patient management system developed by Sanskruti Technologies. Chikitsa 2.0.2 has code vulnerabilities that stem from the module upload function, which may allow authenticated attackers to upload malicious PHP plugins and execute remote...

CVSS 8.8, AI score 6, EPSS 0.00852
Exploits: 1, References: 4

Positive Technologies
added 2026/01/15 12:0 a.m., 1 view

PT-2026-3034

Name of the Vulnerable Software and Affected Versions: Chikitsa Patient Management System version 2.0.2. Description: The software contains an authenticated remote code execution issue. Attackers can upload malicious PHP plugins through the module upload functionality. Authenticated attackers can...

CVSS 8.8, AI score 6.5, EPSS 0.00852
Exploits: 1, References: 8

CVE
added 2025/12/11 9:44 p.m., 6 views

CVE-2025-34506

WBCE CMS is affected: version 1.6.3 and earlier are vulnerable to authenticated remote code execution via uploading a malicious module. The flaw arises when an administrator can upload a ZIP module containing embedded PHP reverse shell code, enabling remote system access when installed. Exploitat...

CVSS 8.8, AI score 7.9, EPSS 0.00951
Exploits: 1, References: 6, Affected Software: 1

Cvelist
added 2025/12/11 9:44 p.m., 23 views

CVE-2025-34506 WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...

CVSS 8.6, EPSS 0.00951
Exploits: 1, References: 6

Vulnrichment
added 2025/12/11 9:44 p.m., 2 views

CVE-2025-34506 WBCE CMS 1.6.3 Authenticated Remote Code Execution via Module Upload

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...

CVSS 8.6, AI score 7.9, EPSS 0.00951
Exploits: 1, References: 6

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-4777

Malware in sbrugna...

CVSS 9.3, AI score 6.4, EPSS 0.04734
Exploits: 0, References: 8

NVD
added 2025/08/09 8:15 p.m., 4 views

CVE-2025-8772

A vulnerability, which was classified as problematic, has been found in Vinades NukeViet up to 4.5.06. This issue affects some unknown processing of the file /admin/index.php?language=en&nv=upload of the component Module Handler. The manipulation leads to server-side request forgery. The attack m...

CVSS 5.3, EPSS 0.00148
Exploits: 1, References: 4

CNNVD
added 2025/02/27 12:0 a.m., 1 view

DrayTek Vigor 165 code issue vulnerability

The DrayTek Vigor 165 is a VDSL2 35b hypervector modem/router from China Juyi DrayTek. A security vulnerability exists in the DrayTek Vigor 165 that originates from the upload of a specially crafted APP Enforcement module, which could lead to arbitrary code execution...

CVSS 8.4, AI score 9.3, EPSS 0.00049
Exploits: 0, References: 3

OSV
added 2024/01/22 3:15 p.m., 0 views

CVE-2024-22895

DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/moduleupload.php...

CVSS 8.8, AI score 5.8
Exploits: 0, References: 1

Packet Storm
added 2023/07/20 12:0 a.m., 2486 views

Pluck 4.7.18 Remote Shell Upload

Title: pluck-4.7.18 - FI + RCE.
Author: nu11secur1ty
Date: 07.19.2023
Vendor: https://github.com/pluck-cms/pluck/wiki
Software: https://github.com/pluck-cms/pluck
Reference: https://portswigger.net/daily-swig/rce
Reference: https://portswigger.net/web-security/file-upload
Description: The attacke...

AI score 7.1
Exploits: 0

Github Security Blog
added 2022/03/25 12:0 a.m., 27 views

Cross-site Scripting in Fork CMS

Fork CMS prior to 5.11.1 is vulnerable to stored cross-site scripting. When uploading a new module, the description of the module can contain JavaScript code. The JavaScript code may be executed after uploading the new module and looking at the Details page...

CVSS 6.8, AI score 1, EPSS 0.00346
Exploits: 1, References: 4, Affected Software: 1

Huntr
added 2021/10/25 8:56 p.m., 16 views

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

Description: When uploading a new module, the description of the module can contain JavaScript code. After uploading the new module and looking at the Details page, the JavaScript code would be executed. Proof of Concept: I downloaded this module...

CVSS 3.5, AI score 5.6, EPSS 0.00346
Exploits: 1

RedHat Linux
added 2016/08/16 7:9 a.m., 4 views

Moderate: Red Hat Bug Fix Advisory: Satellite 6.2.1 bug fix update

Updated Satellite 6.2 packages that fix several bugs are now available. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs...

CVSS 8.8, AI score 6.8, EPSS 0.00175
Exploits: 0, References: 12