2169 matches found

Positive Technologies
added 2026/01/20 12:0 a.m. | 5 views

PT-2026-3542

Name of the Vulnerable Software and Affected Versions: PrismX MX100 AP controller (affected versions not specified). Description: The PrismX MX100 AP controller developed by BROWAN COMMUNICATIONS has an arbitrary file upload issue. This allows remote attackers with sufficient privileges to upload and...

CVSS 8.6 | AI score 6.3 | EPSS 0.0041
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/16 4:20 p.m. | 7 views

CVE-2021-47753

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...

CVSS 9.8 | AI score 8.4 | EPSS 0.0034
Exploits: 1 | References: 1

NVD
added 2026/01/16 3:16 a.m. | 6 views

CVE-2026-1021

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8 | EPSS 0.00098
Exploits: 0 | References: 2

OSV
added 2026/01/16 3:16 a.m. | 0 views

CVE-2026-1021

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8 | AI score 6.4 | EPSS 0.00098
Exploits: 0 | References: 2

Vulnrichment
added 2026/01/16 3:8 a.m. | 5 views

CVE-2026-1021 Gotac|Police Statistics Database System - Arbitrary File Upload

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8 | AI score 8.1 | EPSS 0.00098
Exploits: 0 | References: 2

Cvelist
added 2026/01/16 3:8 a.m. | 26 views

CVE-2026-1021 Gotac|Police Statistics Database System - Arbitrary File Upload

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8 | EPSS 0.00098
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/16 3:8 a.m. | 2 views

CVE-2026-1021

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8 | AI score 6.5 | EPSS 0.00098
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/16 12:0 a.m. | 4 views

PT-2026-3208

Police Statistics Database System developed by Gotac has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attacker to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 9.8 | AI score 8.5 | EPSS 0.00098
Exploits: 0 | References: 3

OSV
added 2026/01/15 4:16 p.m. | 1 views

CVE-2021-47757

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a malicious PHP shell to execute arbitrary system commands on the server...

CVSS 8.8 | AI score 6.5
Exploits: 0 | References: 4

OSV
added 2026/01/15 4:16 p.m. | 1 views

CVE-2021-47753

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...

CVSS 9.3 | AI score 6.1 | EPSS 0.0034
Exploits: 1 | References: 3

CVE
added 2026/01/15 3:52 p.m. | 11 views

CVE-2021-47757

CVE-2021-47757 affects Chikitsa Patient Management System 2.0.2. An authenticated remote code execution vulnerability exists in the backup restoration functionality: an authenticated attacker can upload a modified backup ZIP containing a malicious PHP shell to execute arbitrary system commands on...

CVSS 8.8 | AI score 8.3 | EPSS 0.00827
Exploits: 1 | References: 4 | Affected Software: 1

ATTACKERKB
added 2026/01/15 3:52 p.m. | 2 views

CVE-2021-47753

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...

CVSS 9.8 | AI score 6.2 | EPSS 0.0034
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/01/15 3:52 p.m. | 25 views

CVE-2021-47753 phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...

CVSS 9.8 | EPSS 0.0034
Exploits: 1 | References: 3

Vulnrichment
added 2026/01/15 3:52 p.m. | 2 views

CVE-2021-47753 phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...

CVSS 9.8 | AI score 8.1 | EPSS 0.0034
Exploits: 1 | References: 3

Positive Technologies
added 2026/01/15 12:0 a.m. | 4 views

PT-2026-3030

Name of the Vulnerable Software and Affected Versions: phpKF CMS version 3.00 Beta y6. Description: The software contains an unauthenticated file upload issue that enables remote attackers to execute arbitrary code. This is achieved by bypassing file extension checks, allowing attackers to upload a...

CVSS 9.8 | AI score 5.9 | EPSS 0.0034
Exploits: 1 | References: 8

GithubExploit
added 2026/01/13 1:31 p.m. | 121 views

odfs_rce_poc

Online Discussion Forum Site 1.0 - Remote Code Execution PoC...

AI score 7.5
Exploits: 0

RedhatCVE
added 2026/01/10 5:41 a.m. | 3 views

CVE-2025-67924

Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Corpkit corpkit allows Upload a Web Shell to a Web Server. This issue affects Corpkit: from n/a through = 2.0...

CVSS 9.9 | AI score 5.9 | EPSS 0.00061
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/10 5:41 a.m. | 3 views

CVE-2025-67910

Unrestricted Upload of File with Dangerous Type vulnerability in contentstudio Contentstudio contentstudio allows Upload a Web Shell to a Web Server. This issue affects Contentstudio: from n/a through = 1.3.7...

CVSS 9.1 | AI score 5.9 | EPSS 0.00056
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 12:31 p.m. | 10 views

CVE-2023-4827

The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell...

CVSS 8.8 | AI score 6.7 | EPSS 0.06277
Exploits: 2 | References: 1

RedhatCVE
added 2026/01/09 10:43 a.m. | 4 views

CVE-2022-26986

SQL Injection in ImpressCMS 1.4.3 and earlier allows remote attackers to inject into the code in unintended way, this allows an attacker to read and modify the sensitive information from the database used by the application. If misconfigured, an attacker can even upload a malicious web shell to...

CVSS 8.5 | AI score 7.7 | EPSS 0.01419
Exploits: 4 | References: 1