
123 matches found

Cvelist
added 2025/12/17 10:44 p.m. | 18 views

CVE-2023-53922 TinyWebGallery v2.5 Remote Code Execution via Unrestricted File Upload

TinyWebGallery v2.5 contains a remote code execution vulnerability in the admin upload functionality that allows unauthenticated attackers to upload malicious PHP files. Attackers can upload .phar files with embedded system commands to execute arbitrary code on the server by accessing the uploade...

CVSS 9.8 | EPSS 0.00931
Exploits: 1 | References: 3

RedhatCVE
added 2025/12/16 8:44 p.m. | 3 views

CVE-2023-53869

WEBIGniter 28.7.23 contains a file upload vulnerability that allows authenticated attackers to upload and execute dangerous PHP files through the media function. Attackers can leverage any created account to upload malicious PHP scripts that enable remote code execution on the application server...

CVSS 8.7 | AI score 8.3 | EPSS 0.00432
Exploits: 0 | References: 1

Cvelist
added 2025/12/15 8:22 p.m. | 25 views

CVE-2023-53868 Coppermine Gallery 1.6.25 Remote Code Execution via Plugin Upload

Coppermine Gallery 1.6.25 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the plugin manager. Attackers can upload a zipped PHP file with system commands to the plugin directory and execute arbitrary code by accessing the...

CVSS 8.7 | EPSS 0.00731
Exploits: 1 | References: 3

CNNVD
added 2025/12/15 12:0 a.m. | 2 views

Perch CMS Security Vulnerability

Perch CMS is a content management system from Perch. A security vulnerability exists in Perch CMS version 3.2 that stems from allowing authenticated administrators to upload arbitrary PHP files through the asset management interface, which could lead to remote code execution...

CVSS 8.6 | AI score 7.9 | EPSS 0.00794
Exploits: 1 | References: 3

CNNVD
added 2025/12/15 12:0 a.m. | 3 views

Blackcat CMS Security Vulnerability

Blackcat CMS is a content management system from the German company Blackcat. A security vulnerability exists in Blackcat CMS version 1.4 that stems from allowing authenticated administrators to upload malicious PHP files via the jquery plugin manager, which could lead to remote code execution...

CVSS 8.6 | AI score 7.8 | EPSS 0.00783
Exploits: 1 | References: 4

CNNVD
added 2025/12/15 12:0 a.m. | 2 views

WEBIGniter Code Issue Vulnerability

WEBIGniter is a content management system from WEBIGniter, Inc. A code issue vulnerability exists in WEBIGniter version 28.7.23, which stems from a file upload vulnerability in the media feature that could lead to the upload and execution of dangerous PHP files...

CVSS 8.7 | AI score 7.2 | EPSS 0.00432
Exploits: 0 | References: 4

EUVD
added 2025/12/11 12:30 a.m. | 3 views

EUVD-2024-55317

Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through...

CVSS 8.7 | AI score 7.9 | EPSS 0.00793
Exploits: 1 | References: 5

OSV
added 2025/12/10 10:16 p.m. | 2 views

CVE-2024-58280

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

CVSS 8.8 | AI score 6.3 | EPSS 0.00809
Exploits: 1 | References: 4

NVD
added 2025/12/10 10:16 p.m. | 4 views

CVE-2024-58280

CMSimple 5.15 contains a remote command execution vulnerability that allows authenticated attackers to modify file extensions and upload malicious PHP files. Attackers can append ',php' to Extensionsuserfiles and upload a shell script to the media directory to execute arbitrary code on the server...

CVSS 8.8 | EPSS 0.00809
Exploits: 1 | References: 4

Cvelist
added 2025/12/10 9:14 p.m. | 20 views

CVE-2024-58282 Serendipity 2.5.0 Remote Code Execution via Authenticated Media Upload

Serendipity 2.5.0 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload mechanism by creating a PHP shell with a command execution form that enables...

CVSS 8.6 | EPSS 0.00858
Exploits: 1 | References: 4

CVE
added 2025/12/10 9:12 p.m. | 20 views

CVE-2024-58279

CVE-2024-58279 affects appRain CMF 4.0.5. An authenticated administrator can upload a crafted PHP file via the filemanager/upload endpoint, leading to remote code execution and the potential formation of a web shell with command execution in the uploads directory. Multiple connected sources corro...

CVSS 8.8 | AI score 7.8 | EPSS 0.00821
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2025/12/05 11:15 a.m. | 1 view

AZL-71525 CVE-2025-65082 affecting package httpd for versions less than 2.4.66-1

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Server through environment variables set via the Apache configuration unexpectedly superseding variables calculated by the server for CGI programs. This issue affects Apache HTTP Server from 2.4.0 through...

CVSS 6.5 | AI score 6.9 | EPSS 0.00758
Exploits: 0 | References: 1

GithubExploit
added 2025/11/23 6:1 a.m. | 133 views

SQL-INJECTION

SQL-INJECTION SQL Injection SQLi Demonstration Pro...

AI score 8.3
Exploits: 0

OSV
added 2025/11/14 8:33 p.m. | 12 views

GHSA-G2J9-G8R5-RG82 PrivateBin's template-switching feature allows arbitrary local file inclusion through path traversal

Summary: An unauthenticated Local File Inclusion exists in the template-switching feature: if templateselection is enabled in the configuration, the server trusts the template cookie and includes the referenced PHP file. An attacker can read sensitive data or, if they manage to drop a PHP file...

CVSS 5.8 | AI score 8.1 | EPSS 0.00427
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/30 9:46 p.m. | 5 views

CVE-2020-36863 Nagios XI < 5.7.2 Unrestricted File Upload via Audio Import Directory

Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and executed from that location. The upload handler did not properly restrict file types or enforce storage outside of the webroot, and the web server permitted execution within the upload directory. An...

CVSS 8.7 | AI score 7.7 | EPSS 0.01125
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-6597

Malware in sbrugna...

CVSS 9.3 | AI score 6.4 | EPSS 0.01391
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-25771

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00562
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2003-0492

Malware in sbrugna...

CVSS 7.2 | AI score 6.4 | EPSS 0.00456
Exploits: 1 | References: 3

Vulnrichment
added 2025/09/22 9:20 a.m. | 2 views

CVE-2025-10009 Authenticated admin RCE in Invoice Ninja

Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja = 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files...

CVSS 8.6 | AI score 7.5 | EPSS 0.00459
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/12 2:24 a.m. | 3 views

CVE-2025-10269 Spirit Framework <= 1.2.13 - Authenticated (Subscriber+) Local File Inclusion

The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the executi...

CVSS 7.5 | AI score 6.7 | EPSS 0.00519
Exploits: 0 | References: 2