Grav CMS Admin Direct Install Authenticated Plugin Upload RCE

Grav CMS version use exploit/multi/http/gravadmindirectinstallrcecve202550286 msf exploitgravadmindirectinstallrcecve202550286 show targets ...targets... msf exploitgravadmindirectinstallrcecve202550286 set TARGET msf exploitgravadmindirectinstallrcecve202550286 show options ...show and set...

EUVD-2017-16216

Malware in sbrugna...

EUVD-2015-2796

Malware in sbrugna...

EUVD-2019-0700

Malware in sbrugna...

EUVD-2022-6235

Malicious code in bioql PyPI...

EUVD-2023-45368

Malicious code in bioql PyPI...

CVE-2023-38948

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin...

CVE-2019-10089

On Apache JSPWiki, up to version 2.11.0.M4, a carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the WYSIWYG editor, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the...

Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation

Summary Installation of a maliciously crafted plugin allows for remote code execution by an authenticated attacker. Details Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding AP...

BIT-LIMESURVEY-2022-29710

A cross-site scripting XSS vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin...

CVE-2024-25291

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin...

CVE-2024-25291

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin...

CVE-2024-25291

Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin...

CVE-2024-25291

CVE-2024-25291 affects Deskfiler v1.2.3. Multiple sources confirm that a crafted plugin upload can lead to arbitrary code execution, leveraging an Electron WebView to trigger RCE. The Red Hat and NVD entries repeat the same payload: uploading a specially crafted plugin enables code execution. The...

CVE-2023-40825

An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list...

CVE-2023-40825

An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list...

PerfreeBlog 代码问题漏洞

PerfreeBlog is a java-based blog/CMS builder. A security vulnerability exists in Perfree PerfreeBlog version v.3.1.2, which originates from a vulnerability that allows remote attackers to execute arbitrary code via a crafted plugin listed in admin/plugin/access/list...

PT-2023-27655 · Perfree · Perfreeblog

Name of the Vulnerable Software and Affected Versions: Perfree PerfreeBlog version 3.1.2 Description: An issue in Perfree PerfreeBlog allows a remote attacker to execute arbitrary code via a crafted plugin listed in "admin/plugin/access/list". Recommendations: For Perfree PerfreeBlog version 3.1....

CVE-2023-40825

An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list...

CVE-2023-38948

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin...