CVE-2020-19302

The CVE-2020-19302 issue affects vaeThink v1.0.1, where the avatar upload function accepts arbitrary file uploads. The root cause is that uploaded files can be misrepresented by changing the suffix to #".php"#, enabling an attacker to execute a webshell. Impact is high per the cited sources, with...

CVE-2020-19302

An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php"...

vaeThink 代码问题漏洞

vaeThink is a software application. Based on ThinkPHP5 and Layui development, in keeping the core concept of rapid development and the road to simplicity remains unchanged at the same time, the general project of the necessary functionality of the basic development and packaging, to help users in...

ObjectPlanet Opinio 7.13 Shell Upload Vulnerability

Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26806 Exploit Title: ObjectPlanet Opinio version 7.13 allows unrestricted file upload Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timoth...

ObjectPlanet Opinio 7.13 Shell Upload

Exploit Authors: Timothy Tan , Daniel Tan, Yu EnHui, Khor Yong Heng CVE: CVE-2020-26806 Exploit Title: ObjectPlanet Opinio version 7.13 allows unrestricted file upload Vendor Homepage: https://www.objectplanet.com/opinio/ Software Link: https://www.objectplanet.com/opinio/ Exploit Authors: Timoth...

Hutchinson Next-Generation Cloud Desktop Has File Upload Vulnerability

Hutchison Next Generation Desktop is a desktop virtualization product based on NGD Next Generation Desktop architecture. Hutchinson Next Generation Desktop has a file upload vulnerability, which can be exploited by attackers to upload a webshell and gain server privileges...

File upload vulnerability in concrete friend mixing plant ERP management system

Hunan AOKE Network Technology Co., Ltd. is a concrete enterprise informatization solution provider. The concrete friend mixing station ERP management system has an arbitrary file upload vulnerability, which can be exploited by an attacker to upload a webshell and gain server privileges...

File Upload Vulnerability in Multimedia Information Distribution System of Shenzhen Inge Intelligent Technology Co.

Shenzhen Inge Intelligent Technology Co., Ltd, general business items are: research and development, sales and leasing of computer software and hardware; Internet and Internet of Things technology development, technology consulting, technical services and so on. Shenzhen Inge Intelligent Technolo...

File Upload Vulnerability in SEMCMS Shop

SEMCMS Shop is a self-developed open source online store btc system. A file upload vulnerability exists in SEMCMS Shop. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

File Upload Vulnerability in Library Cluster Management System of Guangzhou Tutron Computer Software Development Co. Ltd (CNVD-2021-52386)

Ltd. is a high-tech enterprise integrating product research and development, application integration and customer service, with the main goal of providing high-quality application software system design, integration and maintenance services for users in the library industry. There is a file uploa...

Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution (Unauthenticated)

Exploit Title: Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution Unauthenticated Date: 2021-07-07 Exploit Author: faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution

Exploit Title: Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution Unauthenticated Exploit Author: faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

SQL Injection Vulnerability in RG-UAC Ruijie Unified Internet Behavior Management and Auditing System

Ruijie Unified Internet Behavior Management and Auditing System is an Internet behavior management and auditing product independently developed by Ruijie Networks. The RG-UAC Unified Internet Behavior Management and Audit System has a SQL injection vulnerability, which can be exploited by an...

File Upload Vulnerability in the Switch Centralized Management Platform of Shenzhen VMware Technology Co.

Ltd. is a network total solution and smart home solution provider. A file upload vulnerability exists in the switch centralized management platform of Shenzhen WML Technology Co. Ltd. that can be exploited by an attacker to upload a webshell and gain server privileges...

File Upload Vulnerability in Worms CMS Enterprise Content Management System

Worms CMS enterprise content management system using an object-oriented approach to the development of independent research and development of PHP framework, it is a content management system, the product is based on PHP + Mysql architecture, can run on Linux, Windows, MacOSX, Solaris and other...

File Upload Vulnerability in Travel Management System in PHP (CNVD-2021-51849)

Travel Management System in PHP is an automated system designed to help customers easily check their parcel details while helping travel companies track packages online. A file upload vulnerability exists in Travel Management System in PHP, which can be exploited by an attacker to upload a webshe...

File Upload Vulnerability in Exam Hall Management System

Exam Hall Management System is a PHP project that automates the process of exam assignment and seating arrangements. A file upload vulnerability exists in Exam Hall Management System, which can be exploited by an attacker to upload a webshell and gain server privileges...

TextPattern CMS 4.9.0-dev - Remote Command Execution (Authenticated) Exploit

Exploit Title: TextPattern CMS 4.9.0-dev - Remote Command Execution RCE Authenticated Exploit Author: Mevlüt Akçam Software Link: https://github.com/textpattern/textpattern Vendor Homepage: https://textpattern.com/ Version: 4.9.0-dev Tested on: 20.04.1-Ubuntu !/usr/bin/python3 import requests fro...

File Upload Vulnerability in Travel Management System in PHP

Travel Management System in PHP is an automated system designed to help customers easily check their parcel details while helping travel companies track packages online. A file upload vulnerability exists in Travel Management System in PHP, which can be exploited by an attacker to upload a webshe...

File upload vulnerability in Exam Hall Management System (CNVD-2021-51846)

Exam Hall Management System is a PHP project that automates the process of exam assignment and seating arrangements. A file upload vulnerability exists in Exam Hall Management System, which can be exploited by an attacker to upload a webshell and gain server privileges...