CVE-2021-35456

Online Pet Shop We App 1.0 is vulnerable to remote SQL injection and shell upload...

CVE-2021-32630

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could...

CVE-2021-24981

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory...

CVE-2020-28692

In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files...

CVE-2025-39380

CVE-2025-39380 corresponds to an Arbitrary/Unrestricted File Upload vulnerability in the WordPress plugin for Mojoomla Hospital Management System (Hospital Management System). Affected: mojoomla Hospital Management System WordPress plugin versions prior to 47.0 (up to 2023-11-20). Impact cited ac...

CVE-2025-39401

CVE-2025-39401 affects the WordPress WPAMS plugin <= 44.0 and is an Arbitrary File Upload vulnerability. The issue is caused by Unrestricted Upload of File with Dangerous Type, enabling an attacker to upload a web shell to the server. The shell upload target path is /wp-content/uploads/apartme...

CVE-2025-39402 WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through = 44.0 17-08-2023...

PT-2025-44: Remote Code Execution (RCE) in FreeScout

The vulnerability was identified in FreeScout , versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to execute arbitrary code on the server because input validation is insufficient; the attacker can upload a command‑line interpreter and gain full system control...

WordPress PDF 2 Post 2.4.0 Shell Upload

WordPress PDF 2 Post plugin versions 2.4.0 and below suffers from a remote shell upload vulnerability via a zip file...

CVE-2025-47549

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF beaf-before-and-after-gallery allows Upload a Web Shell to a Web Server.This issue affects BEAF: from n/a through = 4.6.10...

CVE-2025-47549 WordPress BEAF plugin <= 4.6.10 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic BEAF beaf-before-and-after-gallery allows Upload a Web Shell to a Web Server.This issue affects BEAF: from n/a through = 4.6.10...

WordPress CSV Mass Importer 1.2 Shell Upload

WordPress CSV Mass Importer plugin versions 1.2 and below suffer from a remote shell upload vulnerability...

WordPress NewsBlogger Theme 0.2.5.1 Shell Upload

WordPress NewsBlogger Theme versions 0.2.5.1 and below suffer from a remote shell upload vulnerability...

WordPress WP-Advanced-Search 3.3.9.3 Shell Upload

WordPress WP-Advanced-Search plugin versions 3.3.9.3 and below suffer from a remote shell upload vulnerability...

Exploit for Deserialization of Untrusted Data in Spip

SPIP CVE-2023-27372 Unauthenticated RCE Exploit Web Shell Upl...

CVE-2025-32660

Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager js-jobs allows Upload a Web Shell to a Web Server.This issue affects JS Job Manager: from n/a through = 2.0.2...

📄 Online Shopping System Advanced 1.0 Shell Upload / SQL Injection

Online Shopping System Advanced version 1.0 suffers from remote shell upload and remote SQL injection vulnerabilities. Exploit Title: Online Shopping System Advanced - Remote Code Execution Date: 2025-03-11 Exploit Author: bRpsd Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=bRpsd...

WordPress WP Remote Thumbnail 1.3.2 Shell Upload

WordPress WP Remote Thumbnail plugin versions 1.3.2 and below suffer from a remote shell upload vulnerability...

WordPress I Draw 1.0 Shell Upload

WordPress I Draw plugin version 1.0 suffers from a remote shell upload vulnerability...

CVE-2025-30967

Cross-Site Request Forgery CSRF vulnerability in NotFound WPJobBoard allows Upload a Web Shell to a Web Server. This issue affects WPJobBoard: from n/a through n/a...