File Upload Vulnerability in Laoban CMS Backend
Laoban CMS is an open-source site-building content management system developed by Laoban on a PHP + MySQL environment. A file upload vulnerability exists in the Laoban CMS backend. It allows attackers to upload a webshell and gain server privileges...
File Upload Vulnerability in Chengdu Silo Technology Co.
Chengdu Silo Technology Co., Ltd. provides web-based system development, with services covering web design, website program development, mainstream domain name registration, domestic and international space application, web system development, secondary development of WeChat, cell phone website...
File Upload Vulnerability in YCCMS v3.3
YCCMS is a lightweight CMS builder written in PHP. A file upload vulnerability exists in YCCMS v3.3. It allows attackers to upload a webshell and gain server privileges...
MetInfo Cross-Site Scripting Vulnerability (CNVD-2018-19563)
MetInfo is a content management system (CMS) developed using PHP and MySQL by China Mito Information Technology Ltd. A security vulnerability exists in the 'doexport' function in the app/system/feedback/admin/feedbackadmin.class.php file in MetInfo version 6.1.0. The vulnerability can be exploited ...
Apache Portals Pluto 3.0.0 Remote Code Execution
Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested on: Windows Advisory:...
Apache Portals Pluto 3.0.0 - Remote Code Execution
Apache Portals Pluto 3.0.0 - Remote Code Execution Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested...
Unauthorized Access Vulnerability in the Yixin Housing Provident Fund Software Series of Hefei Yixin Software Development Limited Liability Company
Hefei Yixin Software Development Limited Liability Company is a high-tech company focused on computer software development and promotion and on providing business management consulting services. A vulnerability exists in the Hefei Yixin Software Development Limited Liability Company's Yixin Housing...
Directory traversal
LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in its file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. This attack appears to be exploitable by an authenticated user, who can upload a...
Unrestricted file upload
LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in the upload functionality that can result in an attacker gaining code execution via a webshell. This attack appears to be exploitable via an authenticated user uploading a ZIP archive that can contain malicious PHP files that ca...
CVE-2018-1000659
LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in its file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. This attack appears to be exploitable by an authenticated user, who can upload a...
CVE-2018-1000658
LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in the upload functionality that can result in an attacker gaining code execution via a webshell. This attack appears to be exploitable via an authenticated user uploading a ZIP archive that can contain malicious PHP files that ca...
CVE-2018-1000658
LimeSurvey before version 3.14.4 contains a file-upload vulnerability in the upload feature that allows code execution via a webshell. An authenticated user could upload a ZIP archive containing PHP files and trigger execution under certain conditions. The issue is fixed in version 3.14.4 (commit...
PHP7CMS has a file upload vulnerability
PHP7CMS (PHP7 content management system) is a content management program newly developed by Chunjie studio using PHP7 technology. PHP7CMS has a file upload vulnerability that allows attackers to upload a webshell and gain server privileges...
File Upload Vulnerability in BEESCMS
BEESCMS is a scalable content management system (CMS) based on PHP and MySQL. A file upload vulnerability exists in BEESCMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
SQL Injection and File Upload Vulnerabilities in Dimix ERP Office System of Shanghai Demisa Information Technology Co.
Shanghai Demisa Information Technology Co., Ltd. is a company that develops and sells intelligent office management software. SQL injection and file upload vulnerabilities exist in the Dimix ERP office system of Shanghai Demisa Information Technology Co. An attacker can exploit the vulnerabiliti...
Analysis of the Arbitrary File Upload Vulnerability in Two Versions of the UEditor Editor
0x01 Introduction: UEditor is an open-source WYSIWYG rich text editor developed by Baidu's web front-end R&D department. It is lightweight, customizable, and offers an excellent user experience, and it is used by a large number of web applications; the high-risk vulnerability disclosed this time...