309 matches found
CVE-2020-18114
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format...
CVE-2017-1000125
Codiadfull version is vulnerable to writing anything to the configuration file during installation, resulting in the upload of a webshell...
WordPress plugin WPAMS code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress plugin Ultra Demo Importer cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Exploit for CVE-2025-2249
🔐 WordPress SoJ SoundSlides Plugin ⚠️ DISCLAIMER: This ex...
Exploit for Out-of-bounds Write in Gibbonedu Gibbon
CVE-2023-45878-POC CVE-2023-45878 poc for gibbon LMS on xampp...
CVE-2025-27140
WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, importardump.php endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a comma...
WeGIA access control error vulnerability
WeGIA is a web manager for welfare organizations by Nilson Lazarin Individual Developer. An access control error vulnerability exists in WeGIA versions prior to 3.2.15. An attacker exploiting this vulnerability could execute arbitrary code, including uploading a webshell...
CVE-2024-11680
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...
CVE-2024-11313
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells...
PT-2024-16906 · TRCore · TRCore's DVC
Name of the Vulnerable Software and Affected Versions: TRCore's DVC (affected versions not specified). Description: The issue concerns a Path Traversal vulnerability in TRCore's DVC, which does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary...
Exploit for CVE-2024-54761
BigAnt Office Messenger 5.6.06 RCE via SQL Injection SQL injec...
CVE-2024-11018
Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server...
CVE-2024-11017
Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server...
Grand Vice info Webopac code issue vulnerability
Grand Vice info Webopac is an online public access catalog from China XinXueYing Info Grand Vice info. It is used for users to access library services over the Internet. A code issue vulnerability exists in Grand Vice info Webopac version 6.x prior to 6.5.1 and version 7.x prior to 7.2.3, which...
Wellchoose Administrative Management System code issue vulnerability
Wellchoose Administrative Management System is an administrative management system from China Weiweiqiao Information Wellchoose Company. A code issue vulnerability exists in the Wellchoose Administrative Management System due to a failure to properly validate uploaded file types. A remote attacke...
CVE-2024-9985
Enterprise Cloud Database from Ragic does not properly validate the file type for uploads. Attackers with regular privileges can upload a webshell and use it to execute arbitrary code on the remote server...
Ragic Enterprise Cloud Database security vulnerability
Ragic Enterprise Cloud Database is an enterprise cloud database from Ragic, Inc. A security vulnerability exists in versions of Ragic Enterprise Cloud Database prior to 2024/08/08 09:45:25, which stems from failure to properly validate uploaded file types, allowing an attacker with regular...
PT-2024-39982 · Ragic · Enterprise Cloud Database
Name of the Vulnerable Software and Affected Versions: Enterprise Cloud Database from Ragic (affected versions not specified). Description: The issue is related to the improper validation of file types for uploads in the Enterprise Cloud Database from Ragic. Attackers with regular privileges can...
Craft CMS 4.4.14 Code Injection
Title: Craft CMS 4.4.14 Code Injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.2 64 bits...