309 matches found

GithubExploit
added 2022/04/03 2:28 p.m., 3 views

isic.lk-RCE

Usage python exp.py http://localhost/isic !image-20...

8.4 AI score
Exploits: 0

0day.today
added 2022/03/30 12:0 a.m., 240 views

Fingerprint Attendance 1.0 SQL Injection Vulnerability

Title: Fingerprint Attendance 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache Steps 1...

0.3 AI score
Exploits: 0

NVD
added 2022/03/29 11:15 p.m., 16 views

CVE-2021-44082

textpattern 4.8.7 is vulnerable to Cross Site Scripting XSS via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request...

8.3 CVSS, 0.02845 EPSS
Exploits: 1, References: 3

Cvelist
added 2022/03/29 10:50 p.m., 24 views

CVE-2021-44082

textpattern 4.8.7 is vulnerable to Cross Site Scripting XSS via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request...

8.3 AI score, 0.02845 EPSS
Exploits: 1, References: 3

CNNVD
added 2022/03/29 12:0 a.m., 3 views

Textpattern CMS Cross-Site Scripting Vulnerability

Textpattern CMS is a Php-based content management system from the Textpattern team. textpattern is vulnerable to cross-site scripting, which can be exploited by unauthenticated remote attackers to trigger remote code execution using XSS by uploading a webshell...

8.3 CVSS, 6.2 AI score, 0.02845 EPSS
Exploits: 1, References: 4

OSV
added 2021/12/20 3:15 a.m., 3 views

CVE-2021-44159

4MOSAn GCB Doctor’s file upload function has improper user privilege control. A remote attacker can upload arbitrary files including webshell files without authentication and execute arbitrary code in order to perform arbitrary system operations or deny of service attack...

9.8 CVSS, 6.1 AI score, 0.03409 EPSS
Exploits: 0, References: 1

CNNVD
added 2021/10/28 12:0 a.m., 3 views

Mara CMS Code Issue Vulnerability

Mara CMS is a file-based content management system. A file upload vulnerability exists in Mara v7.5, which stems from /codebase/dir.php?type=filenew failing to properly filter user input. An attacker can use this vulnerability to upload a webshell file to execute arbitrary commands...

9.8 CVSS, 6 AI score, 0.03204 EPSS
Exploits: 1, References: 1

OSV
added 2021/08/27 9:15 p.m., 4 views

CVE-2020-18114

An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format...

9.8 CVSS, 5.9 AI score, 0.01943 EPSS
Exploits: 1, References: 1

CNNVD
added 2021/08/27 12:0 a.m., 3 views

Desdev DedeCMS Code Issue Vulnerability

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A security vulnerability exists in th...

9.8 CVSS, 8.2 AI score, 0.01943 EPSS
Exploits: 1, References: 1

OSV
added 2021/08/12 12:15 p.m., 2 views

CVE-2020-28165

The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage function...

9.8 CVSS, 7.4 AI score
Exploits: 0, References: 1

Check Point Advisories
added 2021/06/24 12:0 a.m., 4 views

PHP Webshell Upload Over HTTP

An attacker might upload a webshell backdoor to a PHP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

1.8 AI score
Exploits: 0

CNVD
added 2021/06/15 12:0 a.m., 18 views

SQL Injection Vulnerability in Farmers' Credit Information System of Nanning Desi Technology Co.

Nanning Desi Technology Co., Ltd.'s business scope includes computer software development and technical services; computer, office equipment sales and maintenance, etc. A SQL injection vulnerability exists in the Farmer Credit Information System of Nanning Desi Technology Co. An attacker can utili...

7.7 AI score
Exploits: 0

Exploit DB
added 2021/06/14 12:0 a.m., 314 views

OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated)

Exploit Title: OpenEMR 5.0.1.3 - 'managesitefiles' Remote Code Execution Authenticated Date 12.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip Version: Prior to 5.0.1.4 Tested on...

8.8 CVSS, 8.7 AI score, 0.19274 EPSS
Exploits: 7

CNVD
added 2021/06/04 12:0 a.m., 4 views

Catfish CMS suffers from a file upload vulnerability (CNVD-2021-42363)

Catfish catfish CMS is open source and free PHPCMS web content management system. Catfish CMS has a file upload vulnerability. An attacker can use the vulnerability to upload a webshell and gain server privileges...

7.3 AI score
Exploits: 0

WPVulnDB
added 2021/05/25 12:0 a.m., 38 views

SP Project & Document Manager < 4.22 - Authenticated Shell Upload

The plugin allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for...

8.8 CVSS, 0.2 AI score, 0.52007 EPSS
Exploits: 8, References: 2, Affected Software: 1

CNVD
added 2021/05/19 12:0 a.m., 4 views

File Upload Vulnerability in PatrolFlow Multiservice Security Gateway Intelligent Management Platform

Beijing Byzoro Networks Technology Co., Ltd hereinafter referred to as Byzoro Networks is a high-tech enterprise dedicated to building the next-generation secure Internet. A file upload vulnerability exists in PatrolFlow Multi-service Security Gateway Intelligent Management Platform. Attackers ca...

7.2 AI score
Exploits: 0

CNVD
added 2021/05/11 12:0 a.m., 5 views

File Upload Vulnerability in Lionfish Merchant Management System

Xiamen Lionfish Network Technology Co., Ltd. is an Internet innovation model software products and solutions as the core, mainly focusing on e-commerce system development and business solutions for high-tech enterprises. A file upload vulnerability exists in the Lionfish Merchant Management Syste...

7.3 AI score
Exploits: 0

CNVD
added 2021/04/29 12:0 a.m., 4 views

File upload vulnerability in ClassCMS backend (CNVD-2021-35844)

ClassCMS is a content management system. A file upload vulnerability exists in the ClassCMS backend. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

7.2 AI score
Exploits: 0

CNVD
added 2021/04/29 12:0 a.m., 3 views

File upload vulnerability in PHPOK backend

PHPOK is a set of enterprise website system developed in PHP + MYSQL language. A file upload vulnerability exists in the PHPOK backend. An attacker can exploit the vulnerability to upload webshell and gain server privileges...

7.3 AI score
Exploits: 0

CNVD
added 2021/04/16 12:0 a.m., 4 views

File Upload Vulnerability in Fish Leap CMS Backend

FishLeap CMS is made up of a content management system that is specifically geared towards enterprise applications. A file upload vulnerability exists in the backend of Fishy CMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

7.2 AI score
Exploits: 0