Lucene search
+L

409 matches found

GithubExploit
GithubExploit
added 2024/10/27 8:21 p.m.167 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2023-50564 - Pluck CMS v4.7.18 Remote Code Execution RCE...

8.8CVSS9.5AI score0.29069EPSS
Exploits11
Packet Storm
Packet Storm
added 2024/10/03 12:0 a.m.321 views

WordPress Bricks Builder Theme 1.9.6 Code Injection

============================================================================================================================================= | Title : WordPress Bricks Builder Theme 1.9.6 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/10/03 12:0 a.m.394 views

WordPress Hash Form 1.1.0 Code Injection

============================================================================================================================================= | Title : WordPress Hash Form 1.1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/09/24 12:0 a.m.222 views

Car Rental Project 1.0 Code Injection

============================================================================================================================================= | Title : Car Rental Project 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0...

7.4AI score
Exploits0
GithubExploit
GithubExploit
added 2024/08/17 10:46 a.m.432 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2023-50564 For educational purposes only. This script abu...

8.8CVSS8.8AI score0.29069EPSS
Exploits11
NVD
NVD
added 2024/07/15 6:15 a.m.32 views

CVE-2024-5630

The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites...

8.8CVSS0.00675EPSS
Exploits1References1
0day.today
0day.today
added 2024/04/21 12:0 a.m.286 views

SofaWiki 3.9.2 - Remote Command Execution (Authenticated) Exploit

Exploit Title: SofaWiki 3.9.2 - Remote Command Execution RCE Authenticated Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Tested Version: v3.9.2 latest Tested on: MacOS import requests import random import...

7.4AI score
Exploits0
NVD
NVD
added 2023/11/07 3:15 p.m.37 views

CVE-2023-33480

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...

8.8CVSS0.0193EPSS
Exploits1References1
Prion
Prion
added 2023/11/07 3:15 p.m.21 views

Design/Logic Flaw

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...

6.5CVSS8.6AI score0.0193EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/11/07 12:0 a.m.46 views

CVE-2023-33480

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...

9.3AI score0.0193EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/11/07 12:0 a.m.12 views

CVE-2023-33480

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...

8.4AI score0.0193EPSS
Exploits1References1
CVE
CVE
added 2023/11/07 12:0 a.m.41 views

CVE-2023-33480

CVE-2023-33480 affects RemoteClinic 2.0. The issue stems from lack of input validation and access control in staff/register.php and edit-my-profile.php, enabling remote attackers with low-privileged credentials to create admin users, escalate privileges, upload PHP code, and execute commands via ...

8.8CVSS9.1AI score0.0193EPSS
Exploits1References1Affected Software1
GithubExploit
GithubExploit
added 2023/11/05 6:2 p.m.714 views

Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal_Elementor_Addons

CVE-2023-5360 An Open-source EXPLOIT for The Royal Elementor...

9.8CVSS9.7AI score0.81695EPSS
Exploits18
Packet Storm
Packet Storm
added 2023/10/10 12:0 a.m.350 views

BoidCMS 2.0.0 Shell Upload

!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...

8.8CVSS7.1AI score0.69003EPSS
Exploits8
Packet Storm
Packet Storm
added 2023/06/27 12:0 a.m.253 views

Job Board 1.0 Shell Upload

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2023/04/01 12:0 a.m.235 views

SugarCRM 12.2.0 - Remote Code Execution (RCE)

!/usr/bin/env python Exploit Title: SugarCRM 12.2.0 - Remote Code Execution RCE Exploit Author: sw33t.0day Vendor Homepage: https://www.sugarcrm.com Version: all commercial versions up to 12.2.0 Dorks: https://www.google.com/search?q=site:sugarondemand.com&filter=0...

7.4AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/02/13 2:32 p.m.5 views

CVE-2023-0255 Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload

The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites...

8.8AI score0.01096EPSS
Exploits2References1
Kitploit
Kitploit
added 2023/02/09 11:30 a.m.40 views

C99Shell-PHP7 - PHP 7 And Safe-Build Update Of The Popular C99 Variant Of PHP Shell

C99Shell-PHP7 PHP 7 and safe-build Update of the popular C99 variant of PHP Shell. c99shell.php v.2.0 PHP 7 25.02.2019 Updated by: PinoyWH1Z for PHP 7 About C99Shell An excellent example of a web shell is the c99 variant, which is a PHP shell most of them calls it malware often uploaded to a...

7.8AI score
Exploits0References2
Packet Storm
Packet Storm
added 2023/01/10 12:0 a.m.514 views

WordPress Slider Revolution 4.6.5 Shell Upload

==================================================================================================================================== | Title : WordPress - Slider Revolution 4.6.5 WordPress - Slider Revolution 4.6.5 shell upload 0-day exploit | | Author : indoushka | | Tested on : windows 10...

7.4AI score
Exploits0
0day.today
0day.today
added 2023/01/03 12:0 a.m.320 views

SugarCRM Shell Upload Exploit

!/usr/bin/env python SugarCRM 0-day Auth Bypass + RCE Exploit Dorks: https://www.google.com/search?q=site:sugarondemand.com&filter=0 https://www.google.com/search?q=intitle:"SugarCRM"+inurl:index.php https://www.shodan.io/search?query=http.title:"SugarCRM"...

7.4AI score
Exploits0
Rows per page
Query Builder