2169 matches found
CVE-2025-15067
Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server. This issue affects all versions of Innorix WP if the "exam" directory exists under the directory where the product is installed, e.g. innorix/exam...
CVE-2025-15067 Unrestricted File Upload and RCE in Innorix WP
Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server. This issue affects all versions of Innorix WP if the "exam" directory exists under the directory where the product is installed, e.g. innorix/exam...
CVE-2025-15067
CVE-2025-15067 affects Innorix WP. The issue is an Unrestricted Upload of File with Dangerous Type that can allow uploading a Web Shell to the web server when an exam directory exists under the installation path (e.g., innorix/exam). All versions are affected as stated in the initial description. ...
EUVD-2025-205541
Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server. This issue affects all versions of Innorix WP if the "exam" directory exists under the directory where the product is installed, e.g. innorix/exam...
WELLTEND BPMFlowWebkit Code Issue Vulnerability
WELLTEND BPMFlowWebkit is a business process management system from WELLTEND Corporation of Taiwan, China. A code issue vulnerability exists in WELLTEND BPMFlowWebkit, which stems from the presence of an arbitrary file upload vulnerability that could allow an unauthenticated, remote attacker to...
INNORIX WP Security Vulnerability
INNORIX WP is a high-capacity file transfer software from the Korean company INNORIX. A security vulnerability exists in INNORIX WP that stems from an unrestricted upload of dangerous types of files, which could result in the upload of a Web Shell to a Web server...
PT-2025-53797
Name of the Vulnerable Software and Affected Versions: MapSVG versions through 8.7.3. Description: The software contains a flaw that permits unrestricted file uploads of dangerous types. This allows for the upload of a web shell to a web server. The issue grants attackers webshell capabilities with...
WordPress plugin MapSVG Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
SUNNET WMPro Code Issue Vulnerability
SUNNET WMPro is a suite of online learning platforms from Taiwan, China-based Sunnet Technology SUNNET. SUNNET WMPro suffers from a code issue vulnerability that stems from the presence of an arbitrary file upload vulnerability that could allow an unauthenticated, remote attacker to upload and...
CMSimple_XH Code Execution Vulnerability
CMSimple_XH is a PHP-based content management system derived from the original CMSimple project and belongs to its offshoot version. CMSimple_XH suffers from a code execution vulnerability that stems from the content editing functionality not securely restricting or filtering code input when...
PT-2025-53679
Name of the Vulnerable Software and Affected Versions: Innorix WP, affected versions not specified. Description: The software contains a flaw related to unrestricted file uploads, potentially allowing an attacker to upload a web shell to a web server. This issue arises if the 'exam' directory exists...
Exploit for Unrestricted Upload of File with Dangerous Type in Royal-Elementor-Addons Royal_Elementor_Addons
Royal Elementor Addons ≤ 1.3.78 – Unauthenticated Arbitrary Fi...
Pi-hole 5.18.3 Remote Code Execution
This PHP script is an authenticated remote code execution exploit targeting Pi-hole's web admin interface. It requires valid administrator credentials to log in, obtains a CSRF token, and abuses the adlist management feature by injecting a crafted gopher:// URL. The payload forces the server to...
Exploit for CVE-2025-67435
CVE-2025-67436 Authenticated Remote Code Execution RCE in...
CVE-2025-68109
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...
PT-2025-52212
Name of the Vulnerable Software and Affected Versions: Bitrix24 versions prior to 25.100.301. Description: Remote Code Execution is possible because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. The supplier...
CVE-2025-68109 ChurchCRM vulnerable to RCE with database restore functionality
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, the Database Restore functionality does not validate the content or file extension of uploaded files. As a result, an attacker can upload a web shell file and subsequently upload a .htaccess file to enable direct...
CVE-2025-68109
ChurchCRM (open-source CRM) is affected in versions prior to 6.5.3. The vulnerability arises in the Database Restore feature, which does not validate the content or file extension of uploaded files, enabling an attacker to upload a web shell and then an .htaccess file to gain direct access. This ...