Exploit for OS Command Injection in Netgate Pfblockerng

CVE-2022-31814 WebApp bug import argparse import requ...

CVE-2023-0943

A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function savesettings of the file index.php?page=sitesettings of the component Image Handler. The manipulation of the argument img with the input...

Best POS Management System 1.0 Shell Upload

Exploit Title: Authenticated Remote Code Execution on File Upload Google Dork: NA Date: 17/2/2023 Exploit Author: Ahmed Ismail @MrOz1l Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

WordPress Slider Revolution 4.x.x Shell Upload

================================================================================================= | Title : WordPress - Slider Revolution 4.x.x WordPress - arbitrary file upload exploit | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.064-bit | |...

Online Food Ordering System 2.0 Shell Upload Vulnerability

Exploit Title: Online Food Ordering System v2 - Remote Code Execution RCE Unauthenticated Exploit Author: Hakan Sonay Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Software Link:...

WordPress Slider Revolution 4.6.5 Shell Upload

==================================================================================================================================== | Title : WordPress - Slider Revolution 4.6.5 WordPress - Slider Revolution 4.6.5 shell upload 0-day exploit | | Author : indoushka | | Tested on : windows 10...

SugarCRM Shell Upload Exploit

!/usr/bin/env python SugarCRM 0-day Auth Bypass + RCE Exploit Dorks: https://www.google.com/search?q=site:sugarondemand.com&filter=0 https://www.google.com/search?q=intitle:"SugarCRM"+inurl:index.php https://www.shodan.io/search?query=http.title:"SugarCRM"...

WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload

Description: Unauthenticated Arbitrary File Upload Affected Plugin: Yith WooCommerce Gift Cards Premium Plugin Slug: yith-woocommerce-gift-cards-premium Affected Versions: = 3.19.0 CVE ID: CVE-2022-45359 CVSS Score: 9.8 Critical CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N...

CVE-2022-42064

Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell...

Sql injection

Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell...

CVE-2022-42064

Online Diagnostic Lab Management System version 1.0 remote exploit that bypasses login with SQL injection and then uploads a shell...

CVE-2022-42064

The CVE-2022-42064 entry relates to Online Diagnostic Lab Management System version 1.0, where a SQL injection flaw allows remote authentication bypass and subsequent upload of a shell. This affects the login/authentication/remote file upload flow, enabling an attacker with network access to bypa...

Online Diagnostic Lab Management System SQL注入漏洞

Online Diagnostic Lab Management System is an online diagnostic lab management system. A SQL injection vulnerability exists in Online Diagnostic Lab Management System version 1.0, which can be exploited by remote attackers to bypass login restrictions and upload a shell via SQL injection...

WordPress Elementor 3.6.2 Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Plugin Elementor Authenticated Upload Remote Code Execution', 'Description' = %q The WordPress plugin Elementor versions 3.6.0 - 3.6.2,...

GuppY CMS 6.00.10 Shell Upload Exploit

Exploit Title: GuppY 6.00.10 CMS Remote Code Execution Exploit Author: Chokri Hammedi Vendor Homepage: https://www.freeguppy.org/ Software Link: https://www.freeguppy.org/fgy6dn.php?lng=en&pg=279927&tconfig=0z2 Version: 6.00.10 Tested on: Linux !/usr/bin/php ?php $username = "Admin";...

GuppY CMS 6.00.10 Shell Upload

Exploit Title: GuppY 6.00.10 CMS Remote Code Execution Date: Sep 30, 2022 Exploit Author: Chokri Hammedi Vendor Homepage: https://www.freeguppy.org/ Software Link: https://www.freeguppy.org/fgy6dn.php?lng=en&pg=279927&tconfig=0z2 Version: 6.00.10 Tested on: Linux !/usr/bin/php ?php $username =...

CVE-2022-40878

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution RCE...

CVE-2022-40878

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution RCE...

pfBlockerNG 2.1.4_26 Shell Upload Exploit

!/usr/bin/env python3 Original Advisory: https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/ import argparse import requests import time import sys import urllib.parse from requests.packages.urllib3.exceptions import InsecureRequestWarning...

pfBlockerNG 2.1.4_26 Shell Upload

!/usr/bin/env python3 Original Advisory: https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/ import argparse import requests import time import sys import urllib.parse from requests.packages.urllib3.exceptions import InsecureRequestWarning...