8 matches found
CVE-2024-58279 appRain CMF 4.0.5 Authenticated Remote Code Execution via Filemanager Upload
appRain CMF 4.0.5 contains an authenticated remote code execution vulnerability that allows administrative users to upload malicious PHP files through the filemanager upload endpoint. Attackers can leverage authenticated access to generate a web shell with command execution capabilities by...
CVE-2025-41032
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/...
CVE-2025-41059
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/tablesorter...
CVE-2025-41034
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/...
CVE-2025-41033
An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...
PT-2025-35903
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: An SQL injection flaw exists in appRain CMF version 4.0.5. This flaw allows an attacker to retrieve, create, update, and delete the database through the data%5BAdmin%5D%5Busername%5D parameter in the...
PT-2025-35934
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A reflected cross-site scripting XSS issue exists in appRain CMF version 4.0.5. The issue is due to insufficient validation of user-supplied input. The vulnerability is triggered through the s parameter ...
appRain CMF 4.0.5 Shell Upload
Exploit Title: appRain CMF 4.0.5 - Remote Code Execution RCE Authenticated Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.apprain.org Software Link: https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zip Version: latest Tested on: MacOS import requests...