
309 matches found

NVD
added 2025/09/26 9:15 a.m. · 5 views

CVE-2025-60156

Cross-Site Request Forgery (CSRF) vulnerability in webandprint AR For WordPress ar-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects AR For WordPress: from n/a through <= 8.34...

CVSS 9.6 · EPSS 0.00159
Exploits: 0 · References: 1

Positive Technologies
added 2025/09/19 12:0 a.m. · 10 views

PT-2025-38501

Name of the Vulnerable Software and Affected Versions: Goza - Nonprofit Charity WordPress Theme versions prior to and including 3.2.2 Description: The Goza - Nonprofit Charity WordPress Theme is vulnerable to unauthorized arbitrary file uploads due to a missing capability check on the beplus import...

CVSS 9.8 · AI score 8.2 · EPSS 0.47809
Exploits: 3 · References: 8

NVD
added 2025/09/08 11:15 p.m. · 9 views

CVE-2025-58745

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. WeGIA only checks MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

CVSS 9.9 · EPSS 0.00705
Exploits: 1 · References: 1

Cvelist
added 2025/09/08 10:40 p.m. · 8 views

CVE-2025-58745 WeGIA has a bypass for the fix for CVE-2025-22133 - Arbitrary File Upload leads to Remote Code Execution (RCE)

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. WeGIA only checks MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

CVSS 9.9 · EPSS 0.00705
Exploits: 1 · References: 1

OSV
added 2025/09/08 10:40 p.m. · 6 views

CVE-2025-58745 WeGIA has a bypass for the fix for CVE-2025-22133 - Arbitrary File Upload leads to Remote Code Execution (RCE)

WeGIA is a Web manager for charitable institutions. The fix for CVE-2025-22133 was not enough to remediate the arbitrary file upload vulnerability. WeGIA only checks MIME types for Excel files at endpoint /html/socio/sistema/controller/controlaxlsx.php, which can be bypassed by using magic byt...

CVSS 9.9 · AI score 7.9 · EPSS 0.00705
Exploits: 1 · References: 3

Positive Technologies
added 2025/09/08 12:0 a.m. · 7 views

PT-2025-36524

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.11 Description: WeGIA is a Web manager for charitable institutions. An arbitrary file upload issue exists due to insufficient file type validation. The application only checks MIME types for Excel files at the...

CVSS 9.9 · AI score 7.6 · EPSS 0.00705
Exploits: 1 · References: 6

GithubExploit
added 2025/08/23 7:9 a.m. · 333 views

Exploit for Improper Handling of Parameters in Fortinet Fortiweb

🚨 FortiWeb Authentication Bypass → Remote Code Execution...

CVSS 8.1 · AI score 9 · EPSS 0.1067
Exploits: 4

RedhatCVE
added 2025/08/16 11:25 a.m. · 4 views

CVE-2025-24775

Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms forms-by-made-it allows Upload a Web Shell to a Web Server. This issue affects Forms: from n/a through <= 2.9.0...

CVSS 9.9 · AI score 5.9 · EPSS 0.0039
Exploits: 0 · References: 1

GithubExploit
added 2025/07/22 10:51 a.m. · 242 views

Exploit for Deserialization of Untrusted Data in Microsoft

ToolShell → CVE‑2025‑53770 Exploit PoC This package allows: 1...

CVSS 9.8 · AI score 8.9 · EPSS 0.99982
Exploits: 41

GithubExploit
added 2025/07/12 3:14 p.m. · 302 views

Exploit for SQL Injection in Fortinet Fortiweb

CVE-2025-25257 - FortiWeb Vulnerability Checker & Exploit A P...

CVSS 9.8 · AI score 10 · EPSS 0.9671
Exploits: 18

GithubExploit
added 2025/07/12 2:44 p.m. · 246 views

Exploit for SQL Injection in Fortinet Fortiweb

CVE-2025-25257 Exploit Tool Credits Based on watchTowr La...

CVSS 9.8 · AI score 9.9 · EPSS 0.9671
Exploits: 18

Positive Technologies
added 2025/06/18 12:0 a.m. · 5 views

PT-2025-26193 · Versa · Versa Director Sd-Wan Orchestration Platform

Name of the Vulnerable Software and Affected Versions: Versa Director SD-WAN orchestration platform affected versions not specified Description: The Versa Director SD-WAN orchestration platform has an issue with file upload permissions, allowing authenticated attackers to upload arbitrary files,...

CVSS 9 · AI score 6.2 · EPSS 0.00463
Exploits: 0 · References: 15

GithubExploit
added 2025/05/31 3:23 p.m. · 322 views

Exploit for Improper Protection of Alternate Path in Vbulletin

Description: RCE for vBulletin versions between 5.0.0 - 5...

CVSS 10 · AI score 9.6 · EPSS 0.69649
Exploits: 4

RedhatCVE
added 2025/05/23 10:37 a.m. · 6 views

CVE-2024-46540

A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server, thereby obtaining system privileges...

CVSS 6.3 · AI score 7.9 · EPSS 0.00733
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 6:5 a.m. · 7 views

CVE-2023-30855

Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with th...

CVSS 7.5 · AI score 8.1 · EPSS 0.00795
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 12:38 a.m. · 7 views

CVE-2022-40471

Remote Code Execution in Clinic's Patient Management System v 1.0 allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in users.php...

CVSS 9.8 · AI score 7.6 · EPSS 0.19373
Exploits: 6 · References: 1

RedhatCVE
added 2025/05/23 12:20 a.m. · 6 views

CVE-2022-46135

In AeroCms v0.0.1, there is an arbitrary file upload vulnerability at /admin/posts.php?source=editpost, through which we can upload a webshell and control the web server...

CVSS 7.2 · AI score 7.1 · EPSS 0.0118
Exploits: 1 · References: 1

CNNVD
added 2025/05/23 12:0 a.m. · 3 views

WordPress plugin Crossword Compiler Puzzles code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A code issue vulnerability...

CVSS 9.9 · AI score 8.7 · EPSS 0.00416
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 9:23 p.m. · 8 views

CVE-2021-29004

rConfig 3.9.6 is affected by SQL Injection. A user must be authenticated to exploit the vulnerability. If --secure-file-priv in MySQL server is not set and the MySQL server is the same as rConfig, an attacker may successfully upload a webshell to the server and access it remotely...

CVSS 8.8 · AI score 7.2 · EPSS 0.02062
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 4:7 p.m. · 4 views

CVE-2020-21585

Vulnerability in emlog v6.0.0 allows a user to upload webshells via the zip plugin module...

CVSS 9.8 · AI score 6.9 · EPSS 0.03184
Exploits: 1