Design/Logic Flaw

Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code...

Unrestricted file upload

An unrestricted file upload at /public/admin/index.php?addproduct of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component...

CVE-2022-28062

Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code...

CVE-2022-28062

CVE-2022-28062 affects Car Rental System v1.0. The vulnerability is an arbitrary file upload via the Add Car component, enabling an attacker to upload a webshell and execute arbitrary code. The provided connected records corroborate this issue across multiple sources; no remediation, patch versio...

CVE-2022-27435

An unrestricted file upload at /public/admin/index.php?addproduct of Ecommerce-Website v1.1.0 allows attackers to upload a webshell via the Product Image component...

CVE-2022-27435

The vulnerability CVE-2022-27435 affects Ecommerce-Website v1.1.0, where an unrestricted file upload in the Product Image component at /public/admin/index.php?add_product enables attackers to upload a webshell. The core issue is lack of file upload restrictions in the admin add_product endpoint, ...

Car Rental System 代码问题漏洞

Car Rental System is a car rental system by AMEY THAKUR, an individual developer in India. A security vulnerability exists in Car Rental System v1.0, which stems from a missing file upload restriction in the Add Car component. An attacker can use this vulnerability to upload a webshell and execut...

Ecommerce-Website 代码问题漏洞

Ecommerce-Website is a complete e-commerce website with an administration panel built using PHP and MySql. v1.1.0 of Ecommerce-Website is vulnerable to a file upload vulnerability, which stems from a lack of file upload restrictions in public/admin/index.php?addproduct The vulnerability is caused...

isic.lk-RCE

Usage python exp.py http://localhost/isic !image-20...

Exploit for Code Injection in Vmware Spring_Framework

SpringFrameworkCVE-2022-22965RCE SpringFramework 远程代码执行漏洞CVE...

Exploit for Code Injection in Vmware Spring_Framework

Simple Spring4Shell POC ----------------------- Check if end...

Exploit for Code Injection in Vmware Spring_Framework

Spring Framework RCE exploitation Quick pentest notes...

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell PoC Application This is a dockerized application...

COMPIE CMS Leado Local File Include Vulnerability

Exploit Title: COMPIE CMS Leado Local File Include Google Dork: /index.php?pathAjax= Date: 3/30/2022 Exploit Author: iranhack Security Team Vendor Homepage: iranhack.com Software Link: http://www.compie.co.il/ Version: V.1.0 Tested on: KaliLinux,windows 10 Local File Include...

Message System 1.0 SQL Injection

Title: Message System 1.0 1.0 Blind Time SQLi To Rce Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15249/message-system-phpoop-free-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/pmms1.zip Reference:...

Atom CMS 1.0.2 Shell Upload

Exploit Title: Atom CMS 2.0 - Remote Code Execution RCE Date: 22.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://thedigitalcraft.com/ Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Ubuntu 20.04.3 LTS CVE: CVE-2022-25487 Description This script...

Atom CMS 2.0 - Remote Code Execution Exploit

Exploit Title: Atom CMS 2.0 - Remote Code Execution RCE Exploit Author: Ashish Koli Shikari Vendor Homepage: https://thedigitalcraft.com/ Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Ubuntu 20.04.3 LTS CVE: CVE-2022-25487 Description This script uploads...

Fingerprint Attendance 1.0 SQL Injection Vulnerability

Title: Fingerprint Attendance 1.0 Blind boolean SQLi To Rce Author: Hejap Zairy Vendor: https://www.vetbossel.in/fingerprint-attendance-project-php/ Software: https://app.box.com/s/xlyqalhvayq8oi25tqykcbouzrrjytqy Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache Steps 1...

Atom CMS 2.0 - Remote Code Execution (RCE)

Exploit Title: Atom CMS 2.0 - Remote Code Execution RCE Date: 22.03.2022 Exploit Author: Ashish Koli Shikari Vendor Homepage: https://thedigitalcraft.com/ Software Link: https://github.com/thedigicraft/Atom.CMS Version: 2.0 Tested on: Ubuntu 20.04.3 LTS CVE: CVE-2022-25487 Description This script...

textpattern cross-site scripting vulnerability (CNVD-2022-34638)

Textpattern CMS is a Php-based content management system from the Textpattern team. textpattern is vulnerable to cross-site scripting, which can be exploited by unauthenticated remote attackers to trigger remote code execution using XSS by uploading a webshell...