2186 matches found
CVE-2021-42171
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...
CVE-2021-42171
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...
Unrestricted file upload
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...
CVE-2021-42171
CVE-2021-42171 affects Zenario CMS 9.0.54156 and is a file-upload vulnerability that allows remote code execution. The root cause, per the sources, is lack of validation of uploaded files. Exploitation exists in public advisories (e.g., Exploit-DB) demonstrating an authenticated path to achieve R...
CVE-2021-42171
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...
MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution
The plugin allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current theme's stylesheet directory, and a .php file extension is added. No validation...
GHSA-4PWW-FQGH-36HJ Unrestricted Upload of File with Dangerous Type in Croogo
A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script...
Unrestricted Upload of File with Dangerous Type in Croogo
A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script...
CVE-2021-44673
A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script...
CVE-2021-44673
A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script...
Remote code execution
A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script...
CVE-2021-44673
Croogo 3.0.2 is affected by an arbitrary file upload vulnerability in the admin/file-manager/attachments path that lets a malicious user upload a PHP web shell, enabling remote code execution. Root cause: unrestricted file uploads in the attachment handler. Exploitation details and a concrete fix...
CVE-2021-44673
A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script...
ImpressCMS: SQL Injection in version 1.4.3 and below
A SQL Injection vulnerability was discovered in ImpressCMS version 1.4.3 and earlier. This vulnerability allowed remote attackers to inject malicious code into the application, enabling them to read and modify sensitive information from the database. In some cases, attackers could even upload a...
Croogo 代码问题漏洞
Croogo is a content management system CMS based on the CakePHP framework development . The system provides content type can be customized as Blog, Node, Page, content editing using WYSIWYG editor and other features. A security vulnerability exists in Croogo 3.0.2, which can be exploited to allow...
Attendance and Payroll System v1.0 - Remote Code Execution Exploit
Exploit Title: Attendance and Payroll System v1.0 - Remote Code Execution RCE Exploit Author: pr0z Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip Version: v1.0 Tested on: Linux, MySQL, Apache import...
Attendance And Payroll System 1.0 Remote Code Execution
Exploit Title: Attendance and Payroll System v1.0 - Remote Code Execution RCE Date: 04/03/2022 Exploit Author: pr0z Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip Version: v1.0 Tested on: Linux,...
Attendance and Payroll System v1.0 - Remote Code Execution (RCE)
Exploit Title: Attendance and Payroll System v1.0 - Remote Code Execution RCE Date: 04/03/2022 Exploit Author: pr0z Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/apsystem.zip Version: v1.0 Tested on: Linux,...
pfSense Diag Routes Web Shell Upload
This module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface CVE-2021-41282. The vulnerability affects versions use exploit/unix/http/pfsensediagrouteswebshell msf exploitpfsensediagrouteswebshell show targets ...targets... msf exploitpfsensediagrouteswebshell set...
pfSense 2.5.2 Shell Upload Exploit
This Metasploit module exploits an arbitrary file creation vulnerability in the pfSense HTTP interface CVE-2021-41282. The vulnerability affects versions 2.5.2 and below and can be exploited by an authenticated user if they have the "WebCfg - Diagnostics: Routing tables" privilege. This module us...