2122 matches found
File Upload Vulnerability in WeCenter 3.6.0 Admin Backend
WeCenter is an open source knowledge-based social Q&A community program. A file upload vulnerability exists in the WeCenter 3.6.0 admin backend, which an attacker can exploit to upload a webshell and gain server privileges...
File upload vulnerability in EyouCms of Hainan Zanzan Network Technology Co. Ltd (CNVD-2020-50721)
EyouCms is a free, open source enterprise content management system built on the core of the TP5.0 framework. A file upload vulnerability exists in EyouCms of Hainan Zanzan Network Technology Co. Ltd. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in Enterprise Website Building System of Zibo Shining Network Technology Co. Ltd (CNVD-2020-50745)
The enterprise website building system of Zibo Shining Network Technology Co., Ltd. is a product that provides specialized website building solutions for enterprises. A file upload vulnerability exists in the enterprise website building system of Zibo Shining Network Technology Co. Ltd. An attacker can use the vulnerability to upload a webshell and gain...
File Upload Vulnerability in the Backend of Tongda OA of Beijing Tongda Science and Technology Co.
Tongda OA (Office Anywhere) Network Intelligent Office System is collaborative office automation software developed by Beijing Tongda Science and Technology Co. Ltd. A file upload vulnerability exists in the background of...
File upload vulnerability in lemocms Up***.php file
lemocms, also known as the lemocms backend management system, is a completely open source project built on the latest version of ThinkPHP6 with the layui and easywechat frameworks. It is easy to extend, easy to maintain, and convenient for secondary development. lemocms Up.php file file upload...
Car Rental Management System 1.0 Remote Code Execution
Exploit Title: Car Rental Management System v1.0 - Unauthenticated RCE Exploit Author: Adeeb Shah @hyd3sec Shout out: Bobby Cooke boku Date: August 3, 2020 Vendor Homepage: https://projectworlds.in Software Link:...
LibreHealth 2.0.0 - Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: LibreHealth 2.0.0 - Authenticated Remote Code Execution Exploit Author: Bobby Cooke Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested On: Windows 10 Pro 1909...
Online Course Registration 1.0 - Unauthenticated Remote Code Execution
Exploit Title: Online Course Registration 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Credit to BKpatron for similar Auth Bypass on admin page - exploit-db.com/exploits/48559 Date: 2020-07-15 Vendor Homepage:...
Company Visitor Management System (CVMS) 1.0 SQL Injection
Exploit Title: Company Visitor Management System CVMS 1.0 - Authentication Bypass Date: 2020-07-20 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/company-visitor-management-system-using-php-and-mysql/...
Company Visitor Management System (CVMS) 1.0 SQL Injection Vulnerability
Company Visitor Management System CVMS version 1.0 suffers from multiple remote SQL Injection vulnerabilities, one of which allows for authentication bypass. Exploit Title: Company Visitor Management System CVMS 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos68...
LibreHealth 2.0.0 Remote Code Execution Exploit
Exploit Title: LibreHealth v2.0.0 - Authenticated Remote Code Execution Exploit Author: Bobby Cooke Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested On: Windows 10 Pro 1909 x6486 + XAMPP 7.4.4 Exploit Tested Using: Python 2.7.17...
RiteCMS 2.2.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: RiteCMS 2.2.1 - Remote Code Execution Exploit Author: Enes Özeser Vendor Homepage: http://ritecms.com/ Version: 2.2.1 Tested on: Linux 1- Go to following url. http://CHANGE-THIS/ritecms/cms/ 2- Default username and password is...
File upload vulnerability in MCMS frontend up***.do page
MCMS is a website building system of MINGFEI TECHNOLOGY CO. A file upload vulnerability exists in the MCMS frontend up.do page. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File upload vulnerability in MCMS backend up***.do page
MCMS is a website building system of MINGFEI TECHNOLOGY CO. A file upload vulnerability exists in the MCMS backend up.do page. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
Vehicle Parking Management System 1.0 SQL Injection Vulnerability
Vehicle Parking Management System version 1.0 suffers from multiple remote SQL Injection vulnerabilities, one of which allows for authentication bypass. Exploit Title: Vehicle Parking Management System 1.0 - Authentication Bypass Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 |...
RiteCMS 2.2.1 - Remote Code Execution
Exploit Title: RiteCMS 2.2.1 - Remote Code Execution Date: 2020-07-03 Exploit Author: Enes Özeser Vendor Homepage: http://ritecms.com/ Version: 2.2.1 Tested on: Linux 1- Go to following url. http://CHANGE-THIS/ritecms/cms/ 2- Default username and password is admin:admin. 3- Go "Filemanager" and...
Vehicle Parking Management System 1.0 SQL Injection
Exploit Title: Vehicle Parking Management System 1.0 - Authentication Bypass Date: 2020-07-16 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/vehicle-parking-management-system-using-php-and-mysql/ Software...
File upload vulnerability exists in Swordfish Forum (CNVD-2020-49099)
Swordfish Forum is a bbs forum system. A file upload vulnerability exists in Swordfish Forum. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
Arbitrary File Upload Vulnerability in Heartland OA Network Intelligent Office System
Heartland OA Network Intelligent Office System is a multi-functional intelligent office application software. An arbitrary file upload vulnerability exists in the HeartStone OA Network Intelligent Office System. An attacker can exploit the vulnerability to upload a webshell and gain server...
File upload vulnerability in MCMS backend wr***.do page
MCMS is a website building system of MINGFEI TECHNOLOGY CO. A file upload vulnerability exists in the MCMS backend wr.do page. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...