18 matches found
CVE-2025-63994
An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2025-63994
CVE-2025-63994 affects RichFilemanager v2.7.6. The vulnerability is in the /php/UploadHandler.php component and allows an attacker to upload a crafted file, enabling arbitrary code execution. Reported base metrics indicate a critical CVSS v3.1 score (9.8; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Red...
EUVD-2021-15061
Malware in sbrugna...
WordPress plugin Backup and Staging by WP Time Capsule Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2024-29833 WordPress Photo Gallery Plugin <= 1.8.21 Stored Cross Site Scripting in UploadHandler
The image upload component allows SVG files and the regular expression used to remove script tags can be bypassed by using a Cross Site Scripting payload which does not match the regular expression; one example of this is the inclusion of whitespace within the script tag. An attacker must target ...
CVE-2022-36305
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php...
CVE-2022-36304
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generateresponse function at /web/api/v1/upload/UploadHandler.php...
CVE-2022-34025
CVE-2022-34025 affects Vesta Control Panel (VestaCP) v1.0.0-5. The vulnerability is a cross-site scripting (XSS) in the POST path /web/api/v1/upload/UploadHandler.php (upload function). Root cause described as an XSS in the upload handler; impact indicators from NVD show Confidentiality: Low, Int...
Vesta Control Panel Cross-Site Scripting Vulnerability
Vesta Control Panel (VestaCP) is an open source web hosting control panel. A security vulnerability exists in Vesta Control Panel version v1.0.0-5, which stems from a security issue in the generateresponse function in UploadHandler.php...
Exploit for Off-by-one Error in Sudo_Project Sudo
PoC exploit for CVE-2021-3156, an exploit module targeting the WangluoAnquan framework. The exploit is designed to demonstrate the vulnerability in the framework's UploadHandler.ashx component, which allows for arbitrary file uploads. The exploit uses a simple form submission to upload a maliciou...
Vesta Control Panel Code Issue Vulnerability
Vesta Control Panel (VestaCP) is an open source web hosting control panel. A code issue vulnerability exists in Vesta Control Panel version 0.9.8-27 and prior versions, which stems from web upload UploadHandler.php allowing uploads from different sources...
WordPress wpDataTables 1.5.3 Shell Upload
!/usr/bin/python Exploit Name: Wordpress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Date : 2014-11-22 Exploit written by Claudio Viviani Video Demo: https://www.youtube.com/watch?v=44m4VNpeEVc...
Wordpress wpDataTables 1.5.3 shell Upload Exploit
The wordpress premium plugin wpDataTables 1.5.3 and below suffers from Unauthenticated Shell Upload Vulnerability !/usr/bin/python Exploit Name: Wordpress wpDataTables 1.5.3 and below Unauthenticated Shell Upload Vulnerability Vulnerability discovered by Claudio Viviani Date : 2014-11-22 Exploit...
WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload
WordPress Plugin Photo Gallery 1.2.5 - Unrestricted Arbitrary File Upload Exploit Title: Photo Gallery 1.2.5 Unrestricted File Upload Date: 11-11-2014 Software Link: https://wordpress.org/plugins/photo-gallery/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website:...
JqueryUpload large file upload arbitrary file upload vulnerability-vulnerability warning-the black bar safety net
Guess the solutions to catalog, direct access to the default.aspx you may need to modify the parameter uploadid, the specific capture can be seen, can not make the undefined) 2. Test upload, the capture 3. Modify the Upload Directory can be arbitrarily specified 4. Guessing file name: the server...