TextPattern CMS 4.9.0-dev Remote Command Execution
Exploit Title: TextPattern CMS 4.9.0-dev - Remote Command Execution RCE Authenticated Date: 07/04/2021 Exploit Author: Mevlüt Akçam Software Link: https://github.com/textpattern/textpattern Vendor Homepage: https://textpattern.com/ Version: 4.9.0-dev Tested on: 20.04.1-Ubuntu #!/usr/bin/python3...
File Upload Vulnerability in UFIDA Nccloud (CNVD-2021-52060)
NC Cloud is a large enterprise digitalization platform launched by UFIDA. A file upload vulnerability exists in UFIDA Nccloud, which can be exploited by an attacker to upload a webshell and gain server privileges...
File Upload Vulnerability in PHPOK of Shenzhen Kunshuo Technology Co., Ltd (CNVD-2021-51871)
PHPOK is a free, open-source content management system for building customized websites. A file upload vulnerability exists in PHPOK of Shenzhen Kunshuo Technology Co., Ltd. Attackers can use the vulnerability to upload a webshell and obtain server privileges...
File Upload Vulnerability in PHPOK of Shenzhen Kunshuo Technology Co., Ltd (CNVD-2021-51870)
PHPOK is a free, open-source content management system for building customized websites. A file upload vulnerability exists in PHPOK of Shenzhen Kunshuo Technology Co., Ltd. Attackers can use the vulnerability to upload a webshell and obtain server privileges...
PHP Webshell Upload Over HTTP
An attacker might upload a webshell backdoor to a PHP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...
File Upload Vulnerability in Flash Flood Monitoring and Early Warning Distribution System of Siltronic Technology Co.
Siltronic Ltd. is an information service provider for disaster reduction and profitability. An arbitrary file upload vulnerability exists in the Flash Flood Detection and Early Warning Platform of Sicron Technology Limited, which allows an attacker to upload an aspx file to gain access to the...
Exploitation of Accellion File Transfer Appliance
Summary: This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States. These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance...
SQL Injection Vulnerability in Farmers' Credit Information System of Nanning Desi Technology Co.
The business scope of Nanning Desi Technology Co., Ltd. includes computer software development and technical services; computer and office equipment sales and maintenance, etc. A SQL injection vulnerability exists in the Farmer Credit Information System of Nanning Desi Technology Co. An attacker can utili...
File upload vulnerability in deituiCMS (CNVD-2021-45393)
deituiCMS is a free, open-source CMS for building websites. A file upload vulnerability exists in deituiCMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated)
Exploit Title: OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution Authenticated Date: 12.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip Version: Prior to 5.0.1.4 Tested on...
WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution (Unauthenticated)
Exploit Title: WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution Unauthenticated Date: 2021/06/08 Exploit Author: Fellipe Oliveira Vendor Homepage: https://gvectors.com/ Software Link: https://downloads.wordpress.org/plugin/wpdiscuz.7.0.4.zip Version: wpDiscuz 7.0.4 Tested on: Debian9,...
Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload (Unauthenticated)
Exploit Title: Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload Unauthenticated Google Dork: inurl:/wp-content/plugins/wpdiscuz/ Date: 2021-06-06 Original Author: Chloe Chamberland Exploit Author: Juampa Rodríguez aka UnD3sc0n0c1d0 Vendor Homepage: https://gvectors.com/ Software Link:...
File upload vulnerability in disk enterprise LCMS (CNVD-2021-43592)
Pan Enterprise LCMS is a lightweight PHP development framework. A file upload vulnerability exists in Pan Enterprise LCMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
Wordpress wpDiscuz 7.0.4 Plugin - Arbitrary File Upload (Unauthenticated) Exploit
Exploit Title: Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload Unauthenticated Google Dork: inurl:/wp-content/plugins/wpdiscuz/ Original Author: Chloe Chamberland Exploit Author: Juampa Rodríguez aka UnD3sc0n0c1d0 Vendor Homepage: https://gvectors.com/ Software Link:...
EacooPHP has a file upload vulnerability
EacooPHP is a lightweight WEB product development framework based on ThinkPHP 5.0.21. EacooPHP suffers from a file upload vulnerability. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
WellCMS File Upload Vulnerability
WellCMS is an open-source, lightweight, mobile-oriented CMS built for billion-level load and ultra-fast response under high load, intended as a light CMS for sites with large amounts of data and highly concurrent access. It is described as safe, efficient, stable, ultra-fast and able to carry very high load. A...
Catfish CMS suffers from a file upload vulnerability (CNVD-2021-42363)
Catfish CMS is an open-source and free PHP web content management system. Catfish CMS has a file upload vulnerability. An attacker can use the vulnerability to upload a webshell and gain server privileges...
CVE-2020-21005
WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS back end and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get a webshell...
Design/Logic Flaw
WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS back end and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get a webshell...