
26 matches found

ATTACKERKB
added 2026/04/24 5:29 a.m. | 2 views

CVE-2026-5364

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type parameter to be controlled by the...

CVSS 8.1 | AI score 6.1 | EPSS 0.0016
Exploits 1 | References 11
Vulnrichment
added 2026/03/23 6:21 p.m. | 0 views

CVE-2026-33513 AVideo has an Unauthenticated Local File Inclusion in API locale (RCE possible with writable PHP)

WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated API endpoint APIName=locale concatenates user input into an include path with no canonicalization or whitelist. Path traversal is accepted, so arbitrary PHP files under the web root can be...

CVSS 8.6 | AI score 6.4 | EPSS 0.00344
Exploits 1 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2005-1006

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.00235
Exploits 1 | References 5
RedhatCVE
added 2025/05/22 8:4 p.m. | 3 views

CVE-2021-37221

A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file...

CVSS 8.8 | AI score 7.2 | EPSS 0.00402
Exploits 0 | References 1
RedhatCVE
added 2025/02/20 4:35 a.m. | 6 views

CVE-2021-44967

A Remote Code Execution (RCE) vulnerability exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. NOTE: the Supplier's position is that plugins intentionally can contain arbitrary PHP code, and can only be...

CVSS 9 | AI score 7.9 | EPSS 0.7738
Exploits 3
NVD
added 2023/12/15 9:15 a.m. | 14 views

CVE-2023-48382

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion LFI vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access...

CVSS 6.5 | EPSS 0.00342
Exploits 0 | References 1
Cvelist
added 2023/12/15 8:24 a.m. | 17 views

CVE-2023-48382 Softnext Mail SQR Expert - Local File Inclusion-2

Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion LFI vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access...

CVSS 6.5 | AI score 6.9 | EPSS 0.00342
Exploits 0 | References 1
Positive Technologies
added 2023/09/05 12:0 a.m. | 2 views

PT-2023-4770 · Unknown · Php-Fusion

Name of the Vulnerable Software and Affected Versions: PHPFusion affected versions not specified Description: The issue is related to insufficient sanitization of tainted file names that are directly concatenated with a path and subsequently passed to a require once statement. This allows arbitra...

CVSS 9 | AI score 6.5 | EPSS 0.00199
Exploits 0 | References 24
Huntr
added 2023/06/29 4:11 a.m. | 14 views

Remote Code Execution via File upload

Description In the theme settings function, any file can be uploaded without any filter, resulting in an arbitrary php file being uploaded. Proof of Concept POST /admin/theme/huraga HTTP/1.1 Host: localhost Content-Type: multipart/form-data;...

CVSS 6.5 | AI score 6.9 | EPSS 0.00112
Exploits 1 | References 1
Cvelist
added 2023/02/25 1:27 a.m. | 17 views

CVE-2023-26038 ZoneMinder contains Local File Inclusion vulnerability via `web/ajax/modal.php`

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion Untrusted Search Path vulnerability via web/ajax/modal.php, where an arbitrary php file path c...

CVSS 5.4 | AI score 6.8 | EPSS 0.00249
Exploits 1 | References 1
Cvelist
added 2022/03/07 8:16 a.m. | 10 views

CVE-2022-0440 Catch Themes Demo Import < 2.1.1 - Admin+ Remote Code Execution

The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high-privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog, i.e. DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS...

AI score 7.4 | EPSS 0.00875
Exploits 2 | References 1
CVE
added 2021/10/27 2:23 p.m. | 28 views

CVE-2021-37221

CVE-2021-37221 affects Sourcecodester Customer Relationship Management System 1.0. A file-upload flaw in the account update and customer-create paths could let a remote attacker upload an arbitrary PHP file, enabling code execution on the server. Public references include an exploit in Exploit-DB...

CVSS 8.8 | AI score 8.5 | EPSS 0.00402
Exploits 0 | References 1 | Affected Software 1
Check Point Advisories
added 2012/11/25 12:0 a.m. | 1 views

Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload (CVE-2012-0299)

An arbitrary code execution vulnerability has been reported in the management GUI in Symantec Web Gateway...

AI score 7.3 | EPSS 0.8227
Exploits 5
Exploit DB
added 2012/08/22 12:0 a.m. | 30 views

XODA 0.4.5 - Arbitrary '.PHP' File Upload (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "XODA 0.4.5...

AI score 7.4
Exploits 0
myhack58
added 2012/07/30 12:0 a.m. | 13 views

WordPress Front End Upload v0.5.4.4 arbitrary php file upload-vulnerability warning-the black bar safety net

Title: WordPress Front End Upload v0.5.4.4 Arbitrary PHP File Upload Vulnerability Author: Chris Kellum Home page: http://mondaybynoon.com/ Software address: http://downloads.wordpress.org/plugin/front-end-upload.0.5.4.4.zip Affected version: 0.5.4.4 Defect analysis ===================== Plugi...

AI score 0.2
Exploits 0
0day.today
added 2012/07/24 12:0 a.m. | 21 views

WordPress Front End Upload v0.5.4.4 Arbitrary PHP File Upload

Exploit for php platform in category web applications Exploit Title: WordPress Front End Upload v0.5.4.4 Arbitrary PHP File Upload Vulnerability Date: 7/23/12 Exploit Author: Chris Kellum Vendor Homepage: http://mondaybynoon.com/ Software Link:...

AI score 7.1
Exploits 0
Packet Storm
added 2012/07/24 12:0 a.m. | 17 views

WordPress Front End Upload 0.5.4.4 Shell Upload

Exploit Title: WordPress Front End Upload v0.5.4.4 Arbitrary PHP File Upload Vulnerability Date: 7/23/12 Exploit Author: Chris Kellum Vendor Homepage: http://mondaybynoon.com/ Software Link: http://downloads.wordpress.org/plugin/front-end-upload.0.5.4.4.zip Version: 0.5.4.4 =====================...

AI score 7.4
Exploits 0
0day.today
added 2012/06/10 12:0 a.m. | 25 views

Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability

Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

AI score 7.1 | EPSS 0.8227
Exploits 5
Metasploit
added 2012/06/09 8:27 p.m. | 20 views

Symantec Web Gateway 5.0.2.8 Arbitrary PHP File Upload Vulnerability

This module exploits a file upload vulnerability found in Symantec Web Gateway's HTTP service. Due to the incorrect use of file extensions in the uploadfile function, attackers may abuse the spywall/blockedfile.php file in order to upload a malicious PHP file without any authentication, which...

CVSS 10 | AI score 0.6 | EPSS 0.8227
Exploits 5
Exploit DB
added 2012/05/25 12:0 a.m. | 22 views

appRain CMF - Arbitrary '.PHP' File Upload (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "appRain CMF...

CVSS 6.8 | AI score 7 | EPSS 0.80715
Exploits 6