Lucene search
2118 matches found

Cvelist
added 2021/06/03 1:54 p.m., 10 views

CVE-2020-21005

WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell...

AI score: 6.5, EPSS: 0.00208
Exploits: 1, References: 2

CVE
added 2021/06/03 1:54 p.m., 170 views

CVE-2020-21005

WellCMS 2.0 beta3 is vulnerable to a file-upload flaw where the upload file type is controllable in the CMS background, enabling an attacker to modify the file type and potentially obtain a webshell. Root cause: incomplete verification of uploaded file types. Impact: webshell capability is implie...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00208
Exploits: 1, References: 2, Affected Software: 1

CNVD
added 2021/06/03 12:0 a.m., 3 views

FDCMS File Containment Vulnerability

FDCMS is a PHP-based content management system of Sichuan Method Digital Technology Co. A file inclusion vulnerability exists in FDCMS version 4.0. An attacker can exploit this vulnerability to obtain a webshell in the background via Front/lib/Action/FindexAction.class.php...

CVSS: 9.8, AI score: 6.6, EPSS: 0.00806
Exploits: 1, References: 1

CNNVD
added 2021/06/03 12:0 a.m., 2 views

WellCMS Code Issue Vulnerability

WellCMS is an open-source, lightweight, mobile-oriented CMS with billion-scale load capacity and ultra-fast response under high load, positioned as the best lightweight CMS choice for sites with large amounts of data and high-concurrency access. It is described as safe, efficient, stable, ultra-fast and able to carry very heavy load. A...

CVSS: 6.5, AI score: 5.6, EPSS: 0.00208
Exploits: 1, References: 3

NVD
added 2021/06/02 10:15 p.m., 10 views

CVE-2020-35442

FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php...

CVSS: 9.8, EPSS: 0.00806
Exploits: 1, References: 1

OSV
added 2021/06/02 10:15 p.m., 0 views

CVE-2020-35442

FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php...

CVSS: 9.8, AI score: 7.4, EPSS: 0.00806
Exploits: 1, References: 1

Prion
added 2021/06/02 10:15 p.m., 9 views

Design/Logic Flaw

FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php...

CVSS: 7.5, AI score: 9.3, EPSS: 0.00806
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2021/06/02 9:40 p.m., 8 views

CVE-2020-35442

FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php...

AI score: 9.4, EPSS: 0.00806
Exploits: 1, References: 1

CVE
added 2021/06/02 9:40 p.m., 50 views

CVE-2020-35442

FDCMS (Fangfa Content Management System) 4.0 is affected by a file inclusion vulnerability in Front/lib/Action/FindexAction.class.php, allowing remote attackers to obtain a webshell in the background. The issue is described across multiple sources (CNVD/CNNVD) as a PHP-based vulnerability in vers...

CVSS: 9.8, AI score: 9.2, EPSS: 0.00806
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2021/06/02 12:0 a.m., 3 views

Fangfa FDCMS Code Issue Vulnerability

FDCMS is a PHP-based content management system of Sichuan Method Digital Technology Co. A file inclusion vulnerability exists in FDCMS version 4.0. An attacker can exploit this vulnerability to obtain a webshell in the background via Front/lib/Action/FindexAction.class.php...

CVSS: 9.8, AI score: 5.6, EPSS: 0.00806
Exploits: 1, References: 2

Packet Storm
added 2021/05/31 12:0 a.m., 192 views

PHP 8.1.0-dev Backdoor Remote Command Execution

!/usr/bin/env python3 Exploit Title: PHP 8.1.0-dev WebShell RCE Unauthenticated Date: 2021-05-31 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.php.net/ Software Link: https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor Version: PHP 8.1.0-dev Tested on: Kali GNU/Linux 2020...

AI score: 0.1
Exploits: 0

CNVD
added 2021/05/31 12:0 a.m., 2 views

File Upload Vulnerability in UFIDA NC Cloud Large Enterprise Digitization Platform

NC Cloud, a large enterprise digitalization platform, deeply applies the new generation of digital technologies to build an open, interconnected, convergent and intelligent integrated cloud platform and other three strategic directions for enterprise digital transformation, and provides 18...

AI score: 7.3
Exploits: 0

Kitploit
added 2021/05/29 12:30 p.m., 521 views

slopShell - The Only Php Webshell You Need

php webshell Since I derped, and forgot to talk about usage. Here goes. For this shell to work, you need 2 things, a victim that allows php file uploadyourself, in an educational environment and a way to send http requests to this webshell. Basic Usage VideoHosted on Youtube: Current VT Detection...

AI score: 6.9
Exploits: 0, References: 5

CNVD
added 2021/05/28 12:0 a.m., 2 views

Pluck CMS suffers from a file upload vulnerability (CNVD-2021-40249)

Pluck CMS is a PHP-based content management system. Pluck CMS suffers from a file upload vulnerability that can be exploited by an attacker to upload a webshell and gain server privileges...

AI score: 7.2
Exploits: 0

Prion
added 2021/05/26 12:15 p.m., 12 views

Cross site scripting

vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other user's profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made to update their profil...

CVSS: 4, AI score: 4.5, EPSS: 0.00139
Exploits: 0, References: 4, Affected Software: 1

Packet Storm
added 2021/05/26 12:0 a.m., 415 views

Pluck CMS 4.7.13 Remote Shell Upload

Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Date: 25.05.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.0...

CVSS: 6.5, AI score: 0.2, EPSS: 0.83555
Exploits: 6

0day.today
added 2021/05/26 12:0 a.m., 113 views

Codiad 2.8.4 - Remote Code Execution (Authenticated) Exploit (3)

Exploit Title: Codiad 2.8.4 - Remote Code Execution Authenticated 3 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: http://codiad.com/ Software Link: https://github.com/Codiad/Codiad/releases/tag/v.2.8.4 Version: 2.8.4 Tested on Xubuntu 20.04 CVE: CVE-2018-19423 ''' Description: Codiad 2.8...

CVSS: 7.2, AI score: 0.2, EPSS: 0.22533
Exploits: 4

0day.today
added 2021/05/26 12:0 a.m., 55 views

Pluck CMS 4.7.13 - File Upload Remote Code Execution (Authenticated) Exploit

Exploit Title: Pluck CMS 4.7.13 - File Upload Remote Code Execution Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck/releases/tag/4.7.13 Version: 4.7.13 Tested on Xubuntu 20.04 CVE:...

CVSS: 7.2, EPSS: 0.83555
Exploits: 6

WPVulnDB
added 2021/05/25 12:0 a.m., 38 views

SP Project & Document Manager < 4.22 - Authenticated Shell Upload

The plugin allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for...

CVSS: 8.8, AI score: 0.2, EPSS: 0.80599
Exploits: 8, References: 2, Affected Software: 1

CNVD
added 2021/05/19 12:0 a.m., 4 views

File Upload Vulnerability in PatrolFlow Multiservice Security Gateway Intelligent Management Platform

Beijing Byzoro Networks Technology Co., Ltd (hereinafter referred to as Byzoro Networks) is a high-tech enterprise dedicated to building the next-generation secure Internet. A file upload vulnerability exists in PatrolFlow Multi-service Security Gateway Intelligent Management Platform. Attackers ca...

AI score: 7.2
Exploits: 0