409 matches found
Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck
CVE-2023-50564 - Pluck CMS v4.7.18 Remote Code Execution RCE...
WordPress Bricks Builder Theme 1.9.6 Code Injection
============================================================================================================================================= | Title : WordPress Bricks Builder Theme 1.9.6 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
WordPress Hash Form 1.1.0 Code Injection
============================================================================================================================================= | Title : WordPress Hash Form 1.1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Car Rental Project 1.0 Code Injection
============================================================================================================================================= | Title : Car Rental Project 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0...
Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck
CVE-2023-50564 For educational purposes only. This script abu...
CVE-2024-5630
The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites...
SofaWiki 3.9.2 - Remote Command Execution (Authenticated) Exploit
Exploit Title: SofaWiki 3.9.2 - Remote Command Execution RCE Authenticated Discovered by: Ahmet Ümit BAYRAM Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Tested Version: v3.9.2 latest Tested on: MacOS import requests import random import...
CVE-2023-33480
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...
Design/Logic Flaw
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...
CVE-2023-33480
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...
CVE-2023-33480
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...
CVE-2023-33480
CVE-2023-33480 affects RemoteClinic 2.0. The issue stems from lack of input validation and access control in staff/register.php and edit-my-profile.php, enabling remote attackers with low-privileged credentials to create admin users, escalate privileges, upload PHP code, and execute commands via ...
Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal_Elementor_Addons
CVE-2023-5360 An Open-source EXPLOIT for The Royal Elementor...
BoidCMS 2.0.0 Shell Upload
!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...
Job Board 1.0 Shell Upload
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
SugarCRM 12.2.0 - Remote Code Execution (RCE)
!/usr/bin/env python Exploit Title: SugarCRM 12.2.0 - Remote Code Execution RCE Exploit Author: sw33t.0day Vendor Homepage: https://www.sugarcrm.com Version: all commercial versions up to 12.2.0 Dorks: https://www.google.com/search?q=site:sugarondemand.com&filter=0...
CVE-2023-0255 Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload
The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites...
C99Shell-PHP7 - PHP 7 And Safe-Build Update Of The Popular C99 Variant Of PHP Shell
C99Shell-PHP7 PHP 7 and safe-build Update of the popular C99 variant of PHP Shell. c99shell.php v.2.0 PHP 7 25.02.2019 Updated by: PinoyWH1Z for PHP 7 About C99Shell An excellent example of a web shell is the c99 variant, which is a PHP shell most of them calls it malware often uploaded to a...
WordPress Slider Revolution 4.6.5 Shell Upload
==================================================================================================================================== | Title : WordPress - Slider Revolution 4.6.5 WordPress - Slider Revolution 4.6.5 shell upload 0-day exploit | | Author : indoushka | | Tested on : windows 10...
SugarCRM Shell Upload Exploit
!/usr/bin/env python SugarCRM 0-day Auth Bypass + RCE Exploit Dorks: https://www.google.com/search?q=site:sugarondemand.com&filter=0 https://www.google.com/search?q=intitle:"SugarCRM"+inurl:index.php https://www.shodan.io/search?query=http.title:"SugarCRM"...