8 matches found
WordPress SP Project & Document Manager <4.22 - Authenticated Shell Upload
WordPress SP Project & Document Manager plugin before 4.22 is susceptible to authenticated shell upload. The plugin allows users to upload files; however, the plugin attempts to prevent PHP and other similar executable files from being uploaded via checking the file extension. PHP files can still...
p0wny Shell Remote Code Execution (CVE-2017-9830; CVE-2018-15139; CVE-2018-19423; CVE-2018-6383; CVE-2020-29607; CVE-2021-24155; CVE-2021-24347)
p0wny Shell is a PHP shell. An attacker might use this shell to execute arbitrary code on the affected system...
Wordpress Plugin SP Project and Document - Authenticated Remote Code Execution
This module allows an attacker with a privileged Wordpress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin SP Project & Document /.php Module Options msf use exploit/multi/http/wppluginspprojectdocumentrce msf exploitwppluginspprojectdocumentrce...
CVE-2021-24347
creationtimestamp| type| source ---|---|--- 2021-07-10 16:29:07+00:00| published-proof-of-concept| Telegram/eMoVbCeI-n-jaFKeB-W9ZjnKBEe6KGFrv-r960DcFriPRg 2021-07-23 17:46:03+00:00| seen|...
Wordpress SP Project & Document Manager 4.21 Plugin - Remote Code Execution Exploit
Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link: https://downloads.wordpress.org/plugin/sp-client-document-manager.4.21.zip Version:...
WordPress SP Project And Document Manager 4.21 Shell Upload
Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Date 07.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link:...
Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Wordpress Plugin SP Project & Document Manager 4.21 - Remote Code Execution RCE Authenticated Date 07.07.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://smartypantsplugins.com/ Software Link:...
CVE-2021-24347
The CVE-2021-24347 entry concerns the WordPress SP Project & Document Manager plugin prior to version 4.22. The vulnerability arises because the plugin attempts to block executable uploads by checking file extensions, but PHP files can still be uploaded by altering the extension case (e.g., php t...