20 matches found
CVE-2026-7073 itsourcecode Construction Management System execute.php SQL injection
A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. Manipulation of the argument code causes SQL injection. The attack can be carried out remotely. The exploit has been published and may be used...
CVE-2026-7073
CVE-2026-7073 affects itsourcecode Construction Management System 1.0. A flaw in an unknown part of /execute.php allows manipulation of the argument code to trigger SQL injection. The vulnerability is remotely exploitable and exploitation is documented as a proof-of-concept in the linked sources....
itsourcecode Construction Management System injection vulnerability
itsourcecode Construction Management System is an open-source construction management system developed by itsourcecode. Version 1.0 of the itsourcecode Construction Management System has a vulnerability related to parameter handling in the file /execute.php, which may lead to SQL injection attacks...
HTTP Fetch
Fetch and execute an x86 payload from an HTTP server. Module Options msf use payload/cmd/windows/http/x86/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run This module requires Metasploit:...
CVE-2026-Pending-Claude-Desktop-RCE
CVE-2026-PENDING: Claude Desktop Remote Code Execution via Pri...
EUVD-2025-175818
Malicious code in unix-execute-file-route-reject npm...
CVE-2024-7934
A vulnerability was found in itsourcecode Project Expense Monitoring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file execute.php. The manipulation of the argument code leads to SQL injection. The attack can be launched remotely...
PT-2024-38699 · Unknown · Itsourcecode Project Expense Monitoring System
Name of the Vulnerable Software and Affected Versions: itsourcecode Project Expense Monitoring System version 1.0 Description: A critical issue has been identified, affecting an unknown functionality of the file execute.php. The manipulation of the code argument leads to SQL injection. This issue...
OpenCTI Cross-Site Scripting Vulnerability
OpenCTI is OpenCTI's open cyber threat intelligence platform. A cross-site scripting vulnerability exists in OpenCTI version 5.2.4 and earlier versions, which can be exploited by an attacker to upload a malicious file and then execute the file when the victim opens the file location...
CVE-2022-23743
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading t...
GHSA-MQ9H-CWC2-6J5R Malicious Package in midway-dataproxy
All versions of midway-dataproxy contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...
Exploit for CVE-2020-1938
Ghostcat exp for CNVD-2020-10487CVE-2020-1938 tomcat ajp协...
Uplay 92.0.0.6280 Local Privilege Escalation
Exploit Title: Uplay 92.0.0.6280 - Local Privilege Escalation Date: 2019-08-07 Exploit Author: Kusol Watchara-Apanukorn, Pongtorn Angsuchotmetee, Manich Koomsusi Vendor Homepage: https://uplay.ubisoft.com/ Version: 92.0.0.6280 Tested on: Windows 10 x64 CVE : N/A Vulnerability Description:...
Malicious Package
ali-contributor is a malicious package. The malicious package runs a pre-install script, load.js, that would upload system information to a remote server, and subsequently downloads and executes a file...
tecrail Responsive FileManager path traversal vulnerability (CNVD-2019-12901)
tecrail Responsive FileManager is an open source file manager written in PHP by the Italian company tecrail. The product supports the uploading and management of videos, images or other files. A path traversal vulnerability exists in the 'createfile' function of the execute.php file in version...
SiteServer CMS program upload filter is not strict cause can take shell-vulnerability warning-the black bar safety net
A day with the Night chat, accidentally discovered SiteServer CMS upload vulnerability, the filter is not strictly http://demo2.siteserver.cn today to test under the main station of this presentation template Before this app also has pop user name is not filtered strictly to be used, update the...
CuteFlow 2.11.2 Arbitrary File Upload
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "CuteFlow v2.11.2...
hummingbird-exec2.txt
-------------------------------------------------------------------------------- Hummingbird Deployment Wizard 2008 DeployRun.dll Arbitrary File Execution2 url: http://www.hummingbird.com Author: shinnai mail: shinnaiatautisticidotorg site: http://www.shinnai.net This was written for educational...
freebsd/x86 chown 0:0 , chmod 6755 & execve /tmp/sh 44 bytes
Exploit for freebsd/x86 platform in category shellcode ============================================================ freebsd/x86 chown 0:0 , chmod 6755 & execve /tmp/sh 44 bytes ============================================================ / FreeBSD shellcode chown"/tmp/sh", 0, 0; chmod"/tmp/sh",...
Mozilla 1.x opera 67 - Timed document.write Method Cross Domain Policy
Mozilla 1.x opera 67 - Timed document.write Method Cross Domain Policy source: https://www.securityfocus.com/bid/7847/info It has been reported that under some circumstances, it is possible to violate the cross-domain restriction of browser security. Because of this, an attacker may be able to execu...