305 matches found
PT-2024-34306 · Unknown · Rudra Innovative Software Training – Courses
Name of the Vulnerable Software and Affected Versions: Rudra Innovative Software Training – Courses versions prior to 2.0.1 Description: The issue allows unauthorized upload of malicious files, specifically a web shell, to a web server. This poses a significant risk to the security of the web...
WordPress plugin EKC Tournament Manager Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2024-33626 · Unknown · Ekc Tournament Manager
Name of the Vulnerable Software and Affected Versions: EKC Tournament Manager versions n/a through 2.2.1 Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to upload a web shell to a web server. This can be exploited by attackers to gain unauthorized access to the server...
PT-2024-34286 · WordPress · Ean For Woocommerce
Name of the Vulnerable Software and Affected Versions: AR For Woocommerce versions n/a through 6.2 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. Recommendations: For versions n/a through 6.2,...
CVE-2024-50496
Unrestricted Upload of File with Dangerous Type vulnerability in Web and Print Design AR For WordPress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through 6.2...
CVE-2024-49668 WordPress Verbalize WP plugin <= 1.0 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in christopherdewese1099 Verbalize WP verbalize-wp allows Upload a Web Shell to a Web Server. This issue affects Verbalize WP: from n/a through <= 1.0...
WordPress plugin Woocommerce Custom Profile Picture Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...
CVE-2024-49607
Unrestricted Upload of File with Dangerous Type vulnerability in Redwan Hilali WP Dropbox Dropins allows Upload a Web Shell to a Web Server. This issue affects WP Dropbox Dropins: from n/a through 1.0...
CVE-2024-49331
Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Property Lot Management System allows Upload a Web Shell to a Web Server. This issue affects Property Lot Management System: from n/a through 4.2.38...
CVE-2024-49324
Unrestricted Upload of File with Dangerous Type vulnerability in Sovratec Sovratec Case Management allows Upload a Web Shell to a Web Server. This issue affects Sovratec Case Management: from n/a through 1.0.0...
PT-2024-33565 · Photokit · Photokit
Name of the Vulnerable Software and Affected Versions: photokit versions n/a through 1.0 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling a user to upload a web shell to a web server. This can be exploited to gain unauthorized access to the server...
PT-2024-38945 · Gether Technology · 6Shr System
Name of the Vulnerable Software and Affected Versions: 6SHR system from Gether Technology affected versions not specified Description: The 6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scrip...
CVE-2023-31090
Unrestricted Upload of File with Dangerous Type vulnerability in Unlimited Elements Unlimited Elements For Elementor Free Widgets, Addons, Templates allows Upload a Web Shell to a Web Server. This issue affects Unlimited Elements For Elementor Free Widgets, Addons, Templates: from n/a through 1.5....
CVE-2023-6675
Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath: from v.1.4 before v.1.5...
CVE-2023-4827
The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell...
Mobatime Code Issue Vulnerability
Mobatime is a time and frequency synchronization solution from Mobatime, Inc. A security vulnerability exists in versions prior to Mobatime 06.7.2022 that originates from allowing a malicious user to upload a Web Shell to a Web server...
Ideasoft E-commerce Platform Code Issue Vulnerability
Ideasoft E-commerce Platform is an open source e-commerce platform from Ideasoft. A code issue vulnerability exists in Ideasoft E-commerce Platform before version 23.05. The vulnerability stems from an unrestricted upload of a file with dangerous type in the Rental Module, allowing command...
WordPress Slider Revolution 4.6.5 Shell Upload
Title: WordPress - Slider Revolution 4.6.5 WordPress - Slider Revolution 4.6.5 shell upload 0-day exploit | Author: indoushka | Tested on: windows 10...
CVE-2022-40878
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell PHP file on the profile page to achieve Remote Code Execution (RCE)...