5 matches found
PT-2026-33467
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7, versions prior to 1.3.9.7. Description: An issue exists where unauthenticated attackers can read and exfiltrate arbitrary files readable by the web server process. This occurs because the...
Coditor <= 1.1 - Arbitrary File Edition, Deletion and Internal Directory Listing in wp-content
The coditorprocessajax AJAX call is missing any CSRF and authorisation checks, allowing low-privilege users (subscriber+) to read and edit any files in the wp-content folder, as well as list its contents. PoC: The PoC will be displayed once the issue has been remediated...
ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module description: This module allows the user to run commands on the server with teacher user privilege. The 'Upload files' section in the 'File Manager'...
ATutor 2.2.4 - file_manager Remote Code Execution Exploit #RCE
Exploit for the PHP platform, category: web applications. This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. Module description: This module allows the user to run commands on the server with teacher user...
CVE-2012-5231
miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code via a crafted (1) pagename or (2) area variable containing an executable extension, which is not properly handled by (a) update.php when writing files to content/, or (b) updatenews.php when writing files to content/news/...