
9786 matches found

GithubExploit
added 2024/08/20 2:56 a.m. · 124 views

Exploit for OS Command Injection in Php

PHP CGI Argument Injection CVE-2024-4577 RCE 📜 Descripti...

9.8 CVSS · 8.5 AI score · 0.99987 EPSS
Exploits 64
GithubExploit
added 2024/08/20 2:56 a.m. · 485 views

Exploit for OS Command Injection in Php

PHP CGI Argument Injection CVE-2024-4577 RCE 📜 Descripti...

9.8 CVSS · 9.5 AI score · 0.99987 EPSS
Exploits 64
OSV
added 2024/08/18 6:15 p.m. · 6 views

CVE-2024-7909

A vulnerability has been found in TOTOLINK EX1200L 9.3.5u.6146B20201023 and classified as critical. Affected by this vulnerability is the function setLanguageCfg of the file /www/cgi-bin/cstecgi.cgi. The manipulation of the argument langType leads to stack-based buffer overflow. The attack can be...

9.8 CVSS · 6.3 AI score · 0.01475 EPSS
Exploits 1 · References 5
Vulnrichment
added 2024/08/17 1:31 p.m. · 14 views

CVE-2024-7896 Tosei Online Store Management System ネット店舗管理システム p1_ftpserver.php command injection

A vulnerability was found in Tosei Online Store Management System ネット店舗管理システム 4.02/4.03/4.04. It has been rated as critical. Affected by this issue is some unknown functionality of the file /cgi-bin/p1ftpserver.php. The manipulation of the argument adrtxt leads to command injection. The attack ma...

6.5 CVSS · 7.5 AI score · 0.0225 EPSS
Exploits 0 · References 4
GithubExploit
added 2024/08/17 2:1 a.m. · 396 views

Exploit for OS Command Injection in Php

Fastest CVE-2024-4577 Exploitation Tool Description: PHP C...

9.8 CVSS · 9.8 AI score · 0.99987 EPSS
Exploits 64
CNNVD
added 2024/08/17 12:0 a.m. · 4 views

Tosei Online Store Management System command injection vulnerability

Tosei Online Store Management System is an online store management system from Tosei Corporation. A command injection vulnerability exists in Tosei Online Store Management System versions 4.02, 4.03, and 4.04, which stems from the parameter kikaibangou in the file /cgi-bin/toseikikai.php that can...

8.8 CVSS · 6.9 AI score · 0.02595 EPSS
Exploits 0 · References 5
NVD
added 2024/08/15 1:15 p.m. · 25 views

CVE-2024-7829

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and...

9.8 CVSS · 0.01821 EPSS
Exploits 1 · References 5
CNNVD
added 2024/08/15 12:0 a.m. · 4 views

TOTOLINK LR350 security vulnerability

TOTOLINK LR350 is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK LR350 suffers from an Access Control Error vulnerability that originates from an Access Control Error vulnerability contained in the /cgi-bin/ExportSettings.sh file. No details of the vulnerability are provid...

9.8 CVSS · 6.8 AI score · 0.00604 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2024/08/15 12:0 a.m. · 26 views

SolarWinds Web Help Desk < 12.8.3 HF 1 Deserialization RCE

The version of SolarWinds Web Help Desk installed on the remote host is prior to 12.8.3 HF1. It is, therefore, affected by a remote code execution vulnerability, that, if exploited, would allow an attacker to run commands on the host machine. Note that Nessus has not tested for these issues but h...

9.8 CVSS · 7 AI score · 0.84628 EPSS
Exploits 0 · References 3
NVD
added 2024/08/14 4:15 a.m. · 12 views

CVE-2024-7728

The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server...

7.2 CVSS · 0.00721 EPSS
Exploits 0 · References 3
Cvelist
added 2024/08/14 3:52 a.m. · 17 views

CVE-2024-7729 CAYIN Technology CMS - Sensitive File Download

The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers to download arbitrary CGI files...

7.5 CVSS · 0.00616 EPSS
Exploits 0 · References 3
Cvelist
added 2024/08/14 3:26 a.m. · 16 views

CVE-2024-7728 CAYIN Technology CMS - OS Command Injection

The specific CGI of the CAYIN Technology CMS does not properly validate user input, allowing a remote attacker with administrator privileges to inject OS commands into the specific parameter and execute them on the remote server...

7.2 CVSS · 0.00721 EPSS
Exploits 0 · References 3
OSV
added 2024/08/13 2:15 p.m. · 3 views

CVE-2024-42737

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in delBlacklist. Authenticated Attackers can send malicious packet to execute arbitrary commands...

8.8 CVSS · 6 AI score · 0.01677 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/08/13 12:0 a.m. · 3 views

PT-2024-30117 · Totolink · Totolink X5000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X5000r version 9.1.0cu.2350 b20230313 Description: The file /cgi-bin/cstecgi.cgi in TOTOLINK X5000r contains an OS command injection vulnerability in delBlacklist. Authenticated attackers can send malicious packets to execute arbitra...

9.8 CVSS · 7.8 AI score · 0.01677 EPSS
Exploits 1 · References 8
CNNVD
added 2024/08/13 12:0 a.m. · 4 views

TOTOLINK X5000R security vulnerability

The TOTOLINK X5000R is a router from China's Gion Electronics TOTOLINK. An operating system command injection vulnerability exists in TOTOLINK X5000R version v9.1.0cu.2350b20230313. The vulnerability stems from the setLedCfg function in the file /cgi-bin/cstecgi.cgi that fails to properly filter...

6.8 CVSS · 8 AI score · 0.0276 EPSS
Exploits 1 · References 2
NVD
added 2024/08/12 8:15 p.m. · 16 views

CVE-2024-42747

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setWanIeCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands...

8.8 CVSS · 0.01049 EPSS
Exploits 1 · References 1
OSV
added 2024/08/12 8:15 p.m. · 3 views

CVE-2024-42742

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setUrlFilterRules. Authenticated Attackers can send malicious packet to execute arbitrary commands...

8.8 CVSS · 6 AI score
Exploits 0 · References 1
OSV
added 2024/08/12 8:15 p.m. · 1 views

CVE-2024-42741

In TOTOLINK X5000r v9.1.0cu.2350b20230313, the file /cgi-bin/cstecgi.cgi contains an OS command injection vulnerability in setL2tpServerCfg. Authenticated Attackers can send malicious packet to execute arbitrary commands...

8.8 CVSS · 6 AI score · 0.01168 EPSS
Exploits 1 · References 1
OSV
added 2024/08/12 1:38 p.m. · 4 views

CVE-2024-7616

A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcamcgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 5
NVD
added 2024/08/12 1:38 p.m. · 21 views

CVE-2024-7616

A vulnerability was found in Edimax IC-6220DC and IC-5150W up to 3.06. It has been rated as critical. Affected by this issue is the function cgiFormString of the file ipcamcgi. The manipulation of the argument host leads to command injection. NOTE: The vendor was contacted early about this...

9.8 CVSS · 0.0472 EPSS
Exploits 0 · References 5