WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload

WordPress SP Project & Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still...

CVE-2026-39598

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...

PT-2026-49213

WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the...

CVE-2026-11839

CVE-2026-11839 concerns Başarsoft Rotaban. The issue is an unrestricted file upload of dangerous types that allows uploading a Web Shell to the web server. Affected Rotaban versions are V2026.06.002 prior to V2026.06.003. CVSS 3.1 base score 9.9 (CRITICAL) with network attack vector, low complexi...

EUVD-2026-32197

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...

Exploit for CVE-2012-3152

Oracle Reports rwservlet Scanner ⚠️ For authorized use on...

📄 WordPress Ninja Forms - File Uploads 3.3.26 Shell Upload / Traversal

WordPress Ninja Forms - File Uploads plugin versions 3.3.26 and below arbitrary file upload exploit. !/usr/bin/env python3 """ Ninja Forms Upload - CVE-2026-0740 Author : Xenon1337 """ from future import annotations import pathlib import random import sys import re from datetime import datetime...

CVE-2021-47943

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute...

Exploit for CVE-2026-7537

MDJM Event Management = 1.7.8.3 - Authenticated Administrato...

CVE-2026-6885

CVE-2026-6885 affects Borg SPM 2007 from BorG Technology Corporation. The vulnerability is described as Arbitrary File Upload that allows unauthenticated remote attackers to upload and execute a web shell, enabling arbitrary code execution on the server. The connected sources do not provide concr...

Exploit for CVE-2025-15030

CVE-2025-15030 User Profile Builder 3.15.2 - Unauthentica...

CVE-2026-39620

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through = 3.5.5...

curl: Argument Injection via curl Short-Flag Grouping

This report details how the curl -os command facilitates an Argument Injection vulnerability in applications that wrap the curl command-line tool. The specific command curl -os /etc/passwd --url http://example.com demonstrates a subtle but dangerous behavior. Because -s silent follows -o output,...

CVE-2026-39621

Cross-Site Request Forgery CSRF vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through = 2.3.2.5...

📄 Jumbo Website Manager Shell Upload

Proof of concept exploit that demonstrates a remote shell upload vulnerability in Jumbo Website Manage version 1.3.7. Exploit Title: Jumbo Website Manager - Remote Code Execution Application: Jumbo Website Manager Version: v1.3.7 Bugs: RCE Technology: PHP Vendor URL:...

EUVD-2026-20262

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through = 3.5.5...

CVE-2026-39620

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Appointment appointment allows Upload a Web Shell to a Web Server.This issue affects Appointment: from n/a through = 3.5.5...

CVE-2026-39621

Cross-Site Request Forgery CSRF vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through = 2.3.2.5...

CVE-2026-39619

Cross-Site Request Forgery CSRF vulnerability in priyanshumittal Busiprof busiprof allows Upload a Web Shell to a Web Server.This issue affects Busiprof: from n/a through = 2.5.2...

CVE-2026-39621

Cross-Site Request Forgery CSRF vulnerability in spicethemes SpicePress spicepress allows Upload a Web Shell to a Web Server.This issue affects SpicePress: from n/a through = 2.3.2.5...