2118 matches found
Subrion CMS 4.2.1 Shell Upload
Exploit Title: File Upload Bypass to RCE Authenticated Google Dork: N/A Date: 17/05/2021 Exploit Author: Fellipe Oliveira Vendor Homepage: https://subrion.org/ Software Link: https://github.com/intelliants/subrion Version: SubrionCMS 4.2.1 Tested on: Debian9, Debian 10 and Ubuntu 16.04 CVE :...
File Upload Vulnerability in Lionfish Merchant Management System
Xiamen Lionfish Network Technology Co., Ltd. is an Internet innovation model software products and solutions as the core, mainly focusing on e-commerce system development and business solutions for high-tech enterprises. A file upload vulnerability exists in the Lionfish Merchant Management Syste...
File Upload Vulnerability in Dahua In-vehicle Integrated Management Platform of Zhejiang Dahua Technology Co.(CNVD-2021-35890)
Zhejiang Dahua Technology Co., Ltd. is a video-centered intelligent IOT solution provider and operation service provider. A file upload vulnerability exists in the Dahua vehicle integrated management platform of Zhejiang Dahua Technology Co. An attacker can exploit the vulnerability to upload a...
File Upload Vulnerability in Dahua In-vehicle Integrated Management Platform of Zhejiang Dahua Technology Co.
Zhejiang Dahua Technology Co., Ltd. is a video-centered intelligent IOT solution provider and operation service provider. A file upload vulnerability exists in the Dahua vehicle integrated management platform of Zhejiang Dahua Technology Co. An attacker can exploit the vulnerability to upload a...
File Upload Vulnerability in SEMCMS PHP (Multilingual) Version
SemCms is an open source foreign trade enterprise website management system. A file upload vulnerability exists in the PHP multilingual version of SEMCMS. An attacker can exploit the vulnerability to upload webshell and gain server privileges...
Pystinger - Bypass Firewall For Traffic Forwarding Using Webshell
Pystinger implements SOCK4 proxy and port mapping through webshell. It can be directly used by metasploit-framework, viper, cobalt strike for session online. Pystinger is developed in python, and currently supports three proxy scripts: php, jspx and aspx. Usage Suppose the domain name of the serv...
GetSimple CMS Custom JS 0.1 CSRF / XSS / Code Execution
Exploit Title: GetSimple CMS Custom JS v0.1 - CSRF to XSS to RCE Exploit Author: Bobby Cooke boku & Abhishek Joshi Date: April 30th, 2021 Vendor Homepage: http://get-simple.info Software Link: http://get-simple.info/download/ & http://get-simple.info/extend/plugin/custom-js/1267/ Vendor: 4Enzo...
File upload vulnerability in PHPOK backend
PHPOK is a set of enterprise website system developed in PHP + MYSQL language. A file upload vulnerability exists in the PHPOK backend. An attacker can exploit the vulnerability to upload webshell and gain server privileges...
File upload vulnerability in ClassCMS backend (CNVD-2021-35844)
ClassCMS is a content management system. A file upload vulnerability exists in the ClassCMS backend. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in Panavision OA
Panavision OA E-Office is a standard version of the Panavision collaborative office system program released by Shanghai Panavision Network Technology Co. A file upload vulnerability exists in E-Office. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in e-office Panmicro Collaboration Office System
e-cology is a collaborative business platform with enterprise information portal, knowledge management, data center, workflow management, human resource management, customer and partner management, project management, financial management, and asset management functions. A file upload vulnerabili...
Document Management System 1.0 SQL Injection / Remote Code Execution Exploit
Exploit Title: Document Management System - SQL Injection to RCE webshell Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/7652/document-management-system.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 !/usr/bin/python3 import requests import sy...
GetSimple CMS My SMTP Contact Plugin 1.1.2 - Persistent Cross-Site Scripting
Exploit Title: GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE Exploit Author: Bobby Cooke boku Date: 22/04/2021 Vendor Homepage: http://get-simple.info & Software Link: http://get-simple.info/download/ Version: Exploit = v1.1.1 | Stored XSS = v1.1.2 Tested against Server...
Document Management System 1.0 SQL Injection / Remote Code Execution
Exploit Title: Document Management System - SQL Injection to RCE webshell Date: 23/04/21 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/7652/document-management-system.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 !/usr/bin/python3 import...
Exploit for Improper Input Validation in Microsoft
Weaponized CVE-2019-0604 Automated Exploit Tool to Maximize C...
UCMS suffers from a file upload vulnerability (CNVD-2021-33188)
UCMS is a simple web content management system. A file upload vulnerability exists in UCMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
CVE-2020-35314
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
Remote code execution
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
CVE-2020-35314
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
CVE-2020-35314
WonderCMS 3.1.3 is affected by a remote code execution via installUpdateThemePluginAction in index.php, enabling an attacker to upload a crafted plugin through the theme/plugin installer and execute arbitrary code. Some sources indicate this requires an authenticated session (authenticated RCE) a...