2170 matches found
CVE-2024-58284
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...
CVE-2024-58279
appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...
CVE-2024-58281
Dotclear 2.29 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the media upload functionality. Attackers can exploit the file upload process by crafting a PHP shell with a command execution form to gain system access through...
CVE-2024-58279
appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...
CVE-2024-58284 PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...
CVE-2024-58284
CVE-2024-58284 affects PopojiCMS 2.0.1. Descriptions across multiple sources indicate an authenticated remote command execution vulnerability that lets an administrative user inject malicious PHP code via the metadata settings endpoint. An attacker who can log in can modify meta content to create...
CVE-2024-58284 PopojiCMS 2.0.1 Remote Command Execution via Authenticated Metadata Settings
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...
CVE-2024-58283 WBCE CMS 1.6.2 Remote Code Execution via Elfinder File Upload
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...
CVE-2024-58281
CVE-2024-58281 - Dotclear 2.29 has a remote code execution vulnerability exploited via the media upload feature. Authenticated attackers can upload a crafted PHP shell (file upload form) to execute arbitrary code and gain system access. Affected software: Dotclear 2.29. Root cause: unauthenticate...
CVE-2024-58279 appRain CMF 4.0.5 Authenticated Remote Code Execution via Filemanager Upload
appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...
PT-2025-50531
Name of the Vulnerable Software and Affected Versions Serendipity version 2.5.0 Description An authenticated administrator can upload malicious PHP files through the media upload functionality, leading to remote code execution. An attacker can create a PHP shell with a command execution form,...
PT-2025-50532
WBCE CMS version 1.6.2 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files through the Elfinder file manager. Attackers can exploit the file upload functionality in the elfinder connector to upload a web shell and execute arbitrary syst...
PT-2025-50533
PopojiCMS 2.0.1 contains an authenticated remote command execution vulnerability that allows administrative users to inject malicious PHP code through the metadata settings endpoint. Attackers can log in and modify the meta content to create a web shell that executes arbitrary system commands...
Exploit for CVE-2025-67325
🚨 Unauthenticated Remote Code Execution RCE via File Upload...
CVE-2025-65806
The E-POINT CMS eagle.gsam-1169.1 file upload feature improperly handles nested archive files. An attacker can upload a nested ZIP a ZIP containing another ZIP where the inner archive contains an executable file e.g. webshell.php. When the application extracts the uploaded archives, the executabl...
Exploit for CVE-2025-39401
CVE-2025-39401 WordPress WPAMS Plugin = 44.0 17-08-2023...
Ares
Ultimate SQLi Tool v3.0 — FINAL The most powerful, autonomous...
CVE-2025-12867
EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
EUVD-2025-41751
EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...
CVE-2025-12867 Hundred Plus|EIP Plus - Arbitrary File Uplaod
EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...