Remote file inclusion

A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which allows remote attackers to execute arbitrary PHP code...

CVE-2021-34128

LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname...

CVE-2021-34128

LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname...

Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)

Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Authenticated Date: 03.06.2021 Exploit Author: Ron Jost hacker5preme Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: Ubuntu 20.04 CVE: CVE-2018-6383 Documentation:...

Monstra CMS 3.0.4 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution Authenticated Exploit Author: Ron Jost hacker5preme Vendor Homepage: https://monstra.org/ Software Link: https://monstra.org/monstra-3.0.4.zip Version: 3.0.4 Tested on: Ubuntu 20.04 CVE: CVE-2018-6383 Documentation:...

CVE-2020-20092

File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code...

Unrestricted file upload

File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code...

Command Execution Vulnerability in PbootCMS of Hunan Aoyun Network Technology Co. Ltd (CNVD-2021-32163)

PbootCMS is an open source and free PHP enterprise web development and construction management system. Hunan Avion Network Technology Co., Ltd PbootCMS has a command execution vulnerability that can be exploited by attackers to execute arbitrary PHP code and gain server privileges...

Command Execution Vulnerability in PbootCMS of Hunan Aoyun Network Technology Co. Ltd (CNVD-2021-30915)

PbootCMS is an open source and free PHP enterprise web development and construction management system. Hunan Avion Network Technology Co., Ltd PbootCMS has a command execution vulnerability that can be exploited by attackers to execute arbitrary PHP code and gain server privileges...

Invigo Automatic Device Management Command Injection Vulnerability

Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A command injection vulnerability exists in /admin/broadcast.php in Invigo Automat...

CVE-2020-10580

A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application...

Command injection

A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application...

CVE-2020-10580

A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management ADM through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application...

Invigo Automatic Device Management 命令注入漏洞

Invigo Automatic Device Management ADM is a native management tool for cellular operators that enables them to detect, maintain and manage millions of devices cost-effectively and with a high degree of reliability. A command injection vulnerability exists in /admin/broadcast.php in Invigo Automat...

PT-2021-9155 · Invigo · Invigo Automatic Device Management

Name of the Vulnerable Software and Affected Versions: Invigo Automatic Device Management ADM versions through 5.0 Description: A command injection issue in the /admin/broadcast.php script allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the...

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

The Drupal project uses the PEAR ArchiveTar library. The PEAR ArchiveTar library has released a security update that impacts Drupal. For more information please see: CVE-2020-28948 CVE-2020-28949 Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2, or .tlz...

CVE-2020-5796

Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges...

Input validation

Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges...

CVE-2020-5796

Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges...

Unrestricted file upload

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...