2032 matches found
PT-2022-18162 · Unknown · Impresscms
Name of the Vulnerable Software and Affected Versions: ImpressCMS versions 1.4.3 and earlier Description: The issue allows remote attackers to inject code in an unintended way, enabling them to read and modify sensitive information from the database used by the application. If the system is...
CVE-2022-0537
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet directory, and a .php...
IdeaRE RefTree Shell Upload
=============================================================================== title: IdeaRE RefTree Remote Code Execution product: IdeaRE RefTree 2021.09.17 vulnerability type: Unrestricted File Upload CVE ID: CVE-2022-27249 severity: High CVSSv3 score: 8.8 CVSSv3 vector:...
Medical Hub Directory Site 1.0 Shell Upload Vulnerability
Title: Medical Hub Directory Site 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...
Fingerprint Attendance 1.0 Shell Upload Vulnerability
Title: Fingerprint Attendance 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache registered user can...
Medical Hub Directory Site 1.0 Shell Upload
Title: Medical Hub Directory Site 1.0 Shell Upload Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip Reference:...
Pay Slip PDF Generator System 1.0 Shell Upload Vulnerability
Title: Pay Slip PDF Generator System 1.0 Shell Upload Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15242/employees-pay-slip-pdf-generator-system-email-using-phpoop-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/pess0.zip...
Event Management System 1.0 Shell Upload
Title: Event Management System 1.0 Shell Upload Author: Hejap Zairy Date: 24.07.2022 Vendor: https://www.sourcecodester.com/php/15238/event-management-system-project-php-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip Reference:...
Sports Complex Booking System 1.0 Shell Upload
Title: Sports Complex Booking System 1.0 Shell Upload Author: Hejap Zairy Date: 24.07.2022 Vendor: https://www.sourcecodester.com/php/15236/online-sports-complex-booking-system-phpmysql-free-source-code.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/scbs1.zip...
Tiny File Manager 2.4.6 Shell Upload
Exploit Title: Tiny File Manager 2.4.6 - Remote Code Execution RCE Date: 14/03/2022 Exploit Author: FEBIN MON SAJI Software Link: https://github.com/prasathmani/tinyfilemanager Version: Tiny File Manager Example: $0 http://files.ubuntu.local/index.php admin "admin@123" " log-in URL=$1 admin=$2...
Pluck Code Issue Vulnerability
Pluck is a content management system (CMS) developed using the PHP language. A code issue vulnerability exists in Pluck CMS version 4.7.16, which stems from a remote shell upload execution vulnerability in Pluck CMS version 4.7.16...
Croogo Code Issue Vulnerability
Croogo is a content management system (CMS) based on the CakePHP framework. The system provides content types that can be customized as Blog, Node, or Page, content editing using a WYSIWYG editor, and other features. A security vulnerability exists in Croogo 3.0.2, which can be exploited to allow...
pfSense 2.5.2 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSense Diag Routes Web Shell Upload', 'Description' = %q This module exploits an arbitrary file creation vulnerability in the pfSense HTTP...
Axis IP Camera Shell Upload Exploit
This Metasploit module exploits the "Apps" feature in Axis IP cameras. The feature allows third party developers to upload and execute eap applications on the device. The system does not validate the application comes from a trusted source, so a malicious attacker can upload and execute arbitrary...
WordPress dzs-zoomsounds 6.60 Shell Upload
Exploit Title: WordPress Plugin dzs-zoomsounds - Remote Code Execution RCE Unauthenticated Google Dork: inurl:wp-content/plugins/dzs-zoomsounds Date: 16/02/2022 Exploit Author: Overthinker1877 1877 Team Vendor Homepage: https://digitalzoomstudio.net/docs/wpzoomsounds/ Version: 6.60 Tested on:...
Tiny File Manager 2.4.3 Shell Upload Exploit
Tiny File Manager Example: ./exploit.sh http://files.ubuntu.local/index.php admin "email protected" https://github.com/febinrev/tinyfilemanager-2.4.3-exploit !/bin/bash check which curl if $? = 0 then printf "✔ Curl found! \n" else printf "❌ Curl not found! \n" exit fi which jq if $? = 0 then...
CVE-2021-46360
Authenticated remote code execution RCE in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr...
PT-2022-12668 · Unknown · Composr Cms
Name of the Vulnerable Software and Affected Versions: Composr-CMS versions 10.0.39 and earlier Description: The issue allows remote attackers to execute arbitrary code via uploading a PHP shell through the "/adminzone/index.php?page=admin-commandr" API endpoint. This enables attackers to perform...
Exam Reviewer Management System 1.0 Shell Upload
Exploit Title: Exam Reviewer Management System 1.0 - Remote Code Execution RCE Authenticated Date: 2022-02-08 Exploit Author: Juli Agarwal@agarwaljuli Vendor Homepage: https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html Software Link:...
CVE-2021-24981
The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory...