Lucene search
K

4 matches found

Exploit DB
Exploit DB
added 2019/09/10 12:0 a.m.354 views

October CMS - Upload Protection Bypass Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'October CMS Upload Protection Bypass Code Execution', 'Description' = %q This module exploits an Authenticated user with permission to upload and...

7.4AI score
Exploits0
Circl
Circl
added 2019/09/06 3:22 p.m.13 views

CVE-2017-1000119

creationtimestamp| type| source ---|---|--- 2019-09-06 15:22:57+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/octoberuploadbypassexec.rb 2019-09-10 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47376...

7.2CVSS6.8AI score0.61347EPSS
Exploits1References2
Metasploit
Metasploit
added 2019/09/03 6:34 a.m.30 views

October CMS Upload Protection Bypass Code Execution

This module exploits an Authenticated user with permission to upload and manage media contents can upload various files on the server. Application prevents the user from uploading PHP code by checking the file extension. It uses black-list based approach, as seen in...

0.3AI score
Exploits0
CVE
CVE
added 2017/10/04 1:0 a.m.68 views

CVE-2017-1000119

October CMS build 412 is vulnerable to PHP code execution via the file upload functionality, potentially allowing site compromise and server-wide impact. The vulnerability is documented across multiple sources (NVD entry CVE-2017-1000119; GitHub/OSV/OSVDB advisories; Metasploit module and exploit...

7.2CVSS7.2AI score0.61347EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder