2118 matches found
Phone Shop Sales Management System 1.0 Shell Upload
Exploit Title: Phone Shop Sales Management System - Arbitrary File Upload Unauthenticated Date: 20/04/21 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4...
WonderCMS Operating System Command Injection Vulnerability
WonderCMS is a PHP-based open source content management system (CMS). An operating system command injection vulnerability exists in WonderCMS 3.1.3. The vulnerability stems from the installUpdateThemePluginAction function in index.php, which allow...
Phone Shop Sales Management System 1.0 Shell Upload Exploit
Exploit Title: Phone Shop Sales Management System - Arbitrary File Upload Unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 import requests...
File Upload Vulnerability in Super cms v2.39 (CNVD-2021-32173)
Super CMS is a content management system developed by the SEO Research Center (moonseo.cn) to address website optimization. The product is built on an independently developed, object-oriented MVC framework...
File Upload Vulnerability in Weilian Technology WiSCADA
WiSCADA is a 3D industrial configuration software product that runs cross-platform on Windows, Android and iOS. A file upload vulnerability exists in Weilian Technology WiSCADA. An attacker can exploit the vulnerability to upload a webshell and gain server...
File Upload Vulnerability in Fish Leap CMS Backend
FishLeap CMS is a content management system geared specifically towards enterprise applications. A file upload vulnerability exists in the backend of Fishy CMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in Easy Control World (CNVD-2021-33158)
Easy Control World is an automation monitoring and information management platform created by Beijing Jiushi Yi Automation Software Co. A file upload vulnerability exists in Easy Control World. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in Digital Campus Integrated Management System of Anhui Kexun Education Equipment Co.
Anhui Kexun Education Equipment Co., Ltd. is a professional information technology integrated service provider specializing in computer software research and development, sales and service. A file upload vulnerability exists in the Digital Campus Integrated Management System of Anhui Kexun...
File Upload Vulnerability in Easy Control World
Easy Control World is an automation monitoring and information management platform created by Beijing Jiushi Yi Automation Software Co. A file upload vulnerability exists in Easy Control World. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
Native Church Website 1.0 Shell Upload Exploit
Exploit Title: Native Church Website - Arbitrary File Upload Authenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/11764/native-church-website-phpmysql.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 /usr/bin/python3 import requests impo...
Native Church Website 1.0 Shell Upload
Exploit Title: Native Church Website - Arbitrary File Upload Authenticated Date: 04/21 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/11764/native-church-website-phpmysql.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 /usr/bin/python3 import...
Updates on Microsoft Exchange Server Vulnerabilities
CISA has added two new Malware Analysis Reports (MARs) to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. MAR-10331466-1.v1: China Chopper Webshell identifies a China Chopper webshell observed in post-compromised Microsoft Exchange Servers. After successfully exploiting a...
File Upload Vulnerability in Disk Enterprise LCMS
Pan Enterprise LCMS is a lightweight PHP development framework. A file upload vulnerability exists in PanEnterprise LCMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
Emlog Code Issue Vulnerability
Emlog is a PHP and MySQL based CMS builder maintained by an individual developer. A security vulnerability exists in emlog v6.0.0 that allows users to upload a webshell via the zip plugin module...
Exploit for Cross-site Scripting in Get-Simple Getsimple_Cms
CVE-2020-23839 | GetSimple CMS v3.3.16 - Reflected XSS to RCE...
GetSimple CMS 3.3.16 Cross Site Scripting / Shell Upload
Exploit Title: GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit Author: Bobby Cooke boku Discovery Credits: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: March 29th, 2021 CVE ID: CVE-2020-23839 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23839 Vendor Homepage: http://get-simple.in...
GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit
Exploit Title: GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit Author: Bobby Cooke boku Discovery Credits: Bobby Cooke boku & Adeeb Shah @hyd3sec CVE ID: CVE-2020-23839 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23839 Vendor Homepage: http://get-simple.info Software Link:...
GetSimple CMS 3.3.16 - Persistent Cross-Site Scripting
Exploit Title: GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit Author: Bobby Cooke boku Discovery Credits: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: March 29th, 2021 CVE ID: CVE-2020-23839 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23839 Vendor Homepage: http://get-simple.in...
File Upload Vulnerability in UCMS Backend
UCMS is a simple open source content management system. A file upload vulnerability exists in the UCMS backend. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
Exploit for Server-Side Request Forgery in Microsoft
proxylogon Proof-of-concept exploit for CVE-2021-26855 and CV...