15 matches found

Exploit DB
added 2025/12/08 12:0 a.m. · 288 views

Pluck 4.7.7-dev2 - PHP Code Execution

Exploit Title: Pluck 4.7.7-dev2 - PHP Code Execution Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck Software Link: https://github.com/pluck-cms/pluck Version: 4.74-dev5 Tested on: Ubuntu Windows CVE : CVE-2018-11736 PoC: 1) 1. Log in to the Pluck...

CVSS 9.8 · AI score 7 · EPSS 0.08043
Exploits: 3

RedhatCVE
added 2025/10/28 10:59 p.m. · 1 view

CVE-2025-12331

A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited...

CVSS 7.2 · AI score 4.7 · EPSS 0.00053
Exploits: 1 · References: 1

EUVD
added 2025/10/28 12:31 a.m. · 3 views

EUVD-2025-36375

A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited...

CVSS 5.8 · AI score 4.6 · EPSS 0.00053
Exploits: 1 · References: 6

OSV
added 2025/10/27 10:15 p.m. · 2 views

CVE-2025-12331

A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited...

CVSS 7.2 · AI score 6.6
Exploits: 0 · References: 5

NVD
added 2025/10/27 10:15 p.m. · 3 views

CVE-2025-12331

A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited...

CVSS 7.2 · EPSS 0.00053
Exploits: 1 · References: 5

Cvelist
added 2025/10/27 10:2 p.m. · 5 views

CVE-2025-12331 Willow CMS add unrestricted upload

A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited...

CVSS 5.8 · EPSS 0.00053
Exploits: 1 · References: 5

Vulnrichment
added 2025/10/27 10:2 p.m. · 2 views

CVE-2025-12331 Willow CMS add unrestricted upload

A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited...

CVSS 5.8 · AI score 4.7 · EPSS 0.00053
Exploits: 1 · References: 5

CNNVD
added 2025/10/27 12:0 a.m. · 1 view

Willow CMS Code Issue Vulnerability

Willow CMS is a content management system for mndeaves individual developers. A code issue vulnerability exists in Willow CMS version 1.4.0 and prior versions, which stems from the presence of an unrestricted upload function in the file /admin/images/add, which could lead to a remote attack...

CVSS 7.2 · AI score 5.2 · EPSS 0.00053
Exploits: 1 · References: 6

Positive Technologies
added 2025/10/27 12:0 a.m. · 3 views

PT-2025-44058

Name of the Vulnerable Software and Affected Versions: Willow CMS versions prior to 1.4.1 Description: A flaw exists in Willow CMS that allows for unrestricted file uploads. This issue is present in a file located at /admin/images/add and involves an unknown function. Remote attackers can exploit...

CVSS 5.8 · AI score 5.1 · EPSS 0.00053
Exploits: 1 · References: 9

RedhatCVE
added 2025/05/23 9:22 a.m. · 0 views

CVE-2024-4873

The Replace Image plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.10 via the image replacement functionality due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Author-level...

CVSS 4.3 · AI score 5.9 · EPSS 0.00135
Exploits: 0 · References: 1

OSV
added 2024/05/16 3:15 p.m. · 0 views

CVE-2024-34957

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImagesdeal.php?mudi=infoSet...

CVSS 5.4 · AI score 5.8
Exploits: 0 · References: 1

Positive Technologies
added 2023/01/27 12:0 a.m. · 1 view

PT-2023-16333 · Unknown · Phpgurukul Online Security Guards Hiring System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Security Guards Hiring System version 1.0 Description: A vulnerability was found in the PHPGurukul Online Security Guards Hiring System, affecting some unknown functionality of the file search-request.php. The manipulation o...

CVSS 6.1 · AI score 5.1 · EPSS 0.08968
Exploits: 4 · References: 8

0day.today
added 2007/02/21 12:0 a.m. · 40 views

DBImageGallery 1.2.2 (donsimg_base_path) RFI Vulnerabilities

Exploit for unknown platform in category web applications. DBImageGallery 1.2.2 (donsimg_base_path) RFI Vulnerabilities. DBImageGallery 1.2.2 Found by Denven ERROR:...

AI score 7.1
Exploits: 0

CVE
added 2006/05/09 11:0 p.m. · 55 views

CVE-2006-2281

X-Scripts X-Poll (xpoll) 2.30 is affected by an RCE via admin/images/add.php: an attacker can upload a PHP file and access it remotely. The underlying issue is improper file upload handling that allows execution of arbitrary PHP code. This affects the product as described in CVE-2006-2281 and is ...

CVSS 7.5 · AI score 7.7 · EPSS 0.01494
Exploits: 1 · References: 7 · Affected Software: 1

Positive Technologies
added 2004/12/31 12:0 a.m. · 3 views

PT-2004-3258 · Phpx · Phpx

Name of the Vulnerable Software and Affected Versions: PHPX versions 3.0 through 3.2.6 Description: A cross-site request forgery (CSRF) issue allows remote attackers to execute arbitrary commands via specific URLs that are automatically executed on behalf of the administrator. The affected URLs...

CVSS 5 · AI score 7.5 · EPSS 0.07492
Exploits: 3 · References: 17