CVE-2021-36582
In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell e.g., aspx to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL...
Purchase Order Management System 1.0 Shell Upload
Exploit Title: Purchase Order Management System 1.0 - Remote File Upload Date: 2021-09-14 Exploit Author: Aryan Chehreghani Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html...
Simple Image Gallery 1.0 Shell Upload
Exploit Title: Simple Image Gallery 1.0 - Remote Code Execution RCE Unauthenticated Date: 17.08.2021 Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14903/simple-image-gallery-web-app-using-php-free-source-code.html Version: V 1.0 Tested on: Ubuntu import reques...
Simple Water Refilling Station Management System 1.0 Shell Upload
Exploit Title: Simple Water Refilling Station Management System 1.0 - Remote Code Execution RCE through File Upload Exploit Author: Matt Sorrell Date: 2021-08-14 Vendor Homepage: https://www.sourcecodester.com Software Link:...
Hotel Management System 1.0 Cross Site Scripting / Shell Upload
Exploit Title: Hotel Management System 1.0 - Cross-Site Scripting XSS Arbitrary File Upload Remote Code Execution RCE Date: 2021-08-01 Exploit Author: Merbin Russel Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7204 Version: V1.0...
WordPress Popular Posts 5.3.2 Shell Upload
Exploit Title: WordPress Plugin Popular Posts 5.3.2 - Remote Code Execution RCE Authenticated Date: 15/07/2021 Exploit Author: Simone Cristofaro Vendor Homepage: https://it.wordpress.org/plugins/wordpress-popular-posts/ Software Link:...
Garbage Collection Management System 1.0 Shell Upload / SQL Injection
Exploit Title: Garbage Collection Management System 1.0 - SQL Injection + Arbitrary File Upload Date: 05-07-2021 Exploit Author: Luca Bernardi - bernardiluca.job at protonmail.com | luca.bernardi at dedagroup.it Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
WordPress SP Project And Document Manager 4.21 Shell Upload
Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Date 07.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link:...
Exam Hall Management System 1.0 Shell Upload
Exploit Title: Exam Hall Management System 1.0 - Unrestricted File Upload Unauthenticated Date: 06/07/2021 Exploit Author: Thamer Almohammadi @Thamerz88 Vendor Homepage: https://www.sourcecodester.com Software Link:...
Simple Client Management System 1.0 - Remote Code Execution Exploit
Exploit Title: Simple Client Management System 1.0 - Remote Code Execution RCE Exploit Author: Ishan Saha Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip Version: 1.0 Tested on: Windows 10 Hom...
Simple Client Management System 1.0 SQL Injection / Shell Upload
Exploit Title: Simple Client Management System 1.0 - Remote Code Execution RCE Date: July 4, 2021 Exploit Author: Ishan Saha Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip Version: 1.0 Tested...
Simple Client Management System 1.0 - Remote Code Execution (RCE)
Exploit Title: Simple Client Management System 1.0 - Remote Code Execution RCE Date: July 4, 2021 Exploit Author: Ishan Saha Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/client-details.zip Version: 1.0 Tested...
CVE-2021-35456
Online Pet Shop Web App 1.0 is vulnerable to remote SQL injection and shell upload...
CVE-2021-35456
CVE-2021-35456 affects Online Pet Shop Web App 1.0. The issue comprises two flaws: a remote SQL injection vulnerability and a shell upload vulnerability. CNNVD attributes the SQLi to lack of validation of externally entered SQL statements in the application, enabling attackers to execute arbitrar...
Lightweight facebook-styled blog Authenticated Remote Command Execution Exploit
This module exploits the file upload vulnerability of Lightweight self-hosted facebook-styled PHP blog and allows remote code execution This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Lightweig...
Monitorr 1.7.6m Bypass / Information Disclosure / Shell Upload
!/usr/bin/env ruby Exploit Title: Monitorr exploit toolkit Google Dorks: inurl:/assets/config/installation/register.php?action=register Author: noraj Alexandre ZANNI for SEC-IT http://secit.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/sec-it/monitorr-exploit-toolkit...
Monitorr 1.7.6m Bypass / Information Disclosure / Shell Upload Exploit
!/usr/bin/env ruby Exploit Title: Monitorr exploit toolkit Google Dorks: inurl:/assets/config/installation/register.php?action=register Author: noraj Alexandre ZANNI for SEC-IT http://secit.fr Author website: https://pwn.by/noraj/ Exploit source: https://github.com/sec-it/monitorr-exploit-toolkit...
OpenEMR 5.0.1.3 Shell Upload
Exploit Title: OpenEMR 5.0.1.3 - 'managesitefiles' Remote Code Execution Authenticated Date 12.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip Version: Prior to 5.0.1.4 Tested on...