84 matches found
Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE
The plugin did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE PoC | Authenticated RCE | Caching Exclude URLs / Cached query strings: POST /wp-admin/admin.php?page=sbp-settings HTTP/2 Host: example.com Cooki...
Include Me <= 1.2.1 - Authenticated Remote Code Execution (RCE) via LFI log poisoning
The plugin is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution RCE of the system due to log poisoning and therefore potentially a full compromise of the underlying structure PoC RCE through chaining LFI with log poisoning 1. Path Traversal / Local File...
BigTree CMS Multiple Vulnerabilities (Sep 2020)
BigTree CMS is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-32630
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could...
Design/Logic Flaw
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could...
CVE-2021-32630
CVE-2021-32630 affects Admidio prior to version 4.0.4, where an authenticated user with upload permissions can exploit the Documents & Files upload feature to achieve remote code execution via a .phar-renamed PHP web shell. The payload can trigger a reverse or bind shell when the uploaded file is...
Input validation
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated admin+ RCE in the settings page due to input validation failure and weak $cachepath check in the WP Super Cache Settings - Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so...
Dolibarr ERP 11.0.4 - File Upload Restrictions Bypass (Authenticated RCE)
Exploit Title: Dolibarr ERP/CRM 11.0.4 - File Upload Restrictions Bypass Authenticated RCE Date: 16/06/2020 Exploit Author: Andrea Gonzalez Vendor Homepage: https://www.dolibarr.org/ Software Link: https://github.com/Dolibarr/dolibarr Version: Prior to 11.0.5 Tested on: Debian 9.12 CVE :...
Metasploit Wrap-Up
MobileIron MDM Hessian-Based Java Deserialization RCE Our very own wvu-r7 has added exploits/linux/http/mobileironmdmhessianrce, which exploits an ACL bypass in MobileIron MDM products to execute a Java deserialization attack using a Groovy gadget against a Hessian based endpoint. CVE-2020-15505...
CMS Made Simple 2.2.15 Remote Command Execution
Exploit Title: CMS Made Simple 2.2.15 - RCE Authenticated Author: Andrey Stoykov Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: https://www.cmsmadesimple.org/downloads/cmsms Version: 2.2.15 Tested on: Debian 10 LAMPP Exploit and Detailed Info:...
GitLab 11.4.7 - Remote Code Execution (Authenticated)
Exploit Title: GitLab 11.4.7 Authenticated Remote Code Execution No Interaction Required Date: 15th December 2020 Exploit Author: Mohin Paramasivam Shad0wQu35t Software Link: https://about.gitlab.com/ POC: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ Tested on...
Exploit for OS Command Injection in Oscommerce
PoC exploit for CVE-2020-27976, an authenticated remote code exe...
CVE-2020-14883 — Authenticated RCE in Console component of Oracle WebLogic Server
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP...
Dynamic Content for Elementor < 1.9.6 - Authenticated RCE
The PHP Raw Widget https://www.dynamic.ooo/widget/php-raw/ of the Dynamic Content for Elementor plugin before 1.9.6 did not properly check for user permissions, allowing accounts with a role as low as editor to perform RCE attacks. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com...
Cayin CMS NTP Server 11.0 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cayin CMS NTP Server RCE', 'Description' = %q This module exploits an authenticated RCE in Cayin CMS MSFLICENSE, 'Author' = 'h00die', msf module...
CVE-2019-19356
CVE-2019-19356 affects Netis WF2419 routers. A authenticated attacker can achieve remote code execution as root via the router Web management page, based on vulnerable firmware versions V1.2.31805 and V2.2.36123. The root cause is lack of input sanitization in the web interface, enabling exploita...
Exploit for Unrestricted Upload of File with Dangerous Type in Artica Pandora_Fms
CVE-2020-5844 Authenticated RCE in PandoraFMS 7.0-NG 742 A...
CMS Made Simple Authenticated RCE via object injection
An issue was discovered in CMS Made Simple 2.2.8. In the module DesignManager in the files action.adminbulkcss.php and action.adminbulktemplate.php, with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1allparms parameter, an...
Dolibarr < 9.0.3 Multiple Vulnerabilities
Dolibarr is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dolibarr:dolibarr"; if description...
MyBB < 1.8.21 - Remote Code Execution
/ Exploit Title: MyBB 1.8.21 Authenticated RCE Date: July 24, 2019 Exploit Author: Giovanni Chhatta https://www.linkedin.com/in/giovannichhatta/ Vendor Homepage: https://mybb.com/ Software Link: https://resources.mybb.com/downloads/mybb1820.zip Version: 1.8.20 Tested on: Windows 10 Blog:...