8 matches found

Nuclei
added yesterday, 22 views

CyberPanel - Command Injection

CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters. id: CVE-2024-51568 info: name: CyberPanel - Comman...

10 CVSS, 8 AI score, 0.45682 EPSS
Exploits 4, References 4
CVE
added 2025/06/02 12:0 a.m., 53 views

CVE-2025-5420

CVE-2025-5420 affects juzaweb CMS up to version 3.4.2. The vulnerability is an XSS in the Upload parameter of /admin-cp/file-manager/upload on the Profile Page due to improper input handling. It can be exploited remotely and the exploit has been disclosed publicly. Multiple sources confirm the is...

5.4 CVSS, 6.1 AI score, 0.00272 EPSS
Exploits 1, References 4, Affected Software 1
RedhatCVE
added 2025/02/05 3:21 a.m., 5 views

CVE-2024-51568

CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters...

10 CVSS, 7.8 AI score, 0.45682 EPSS
Exploits 4, References 1
VulnCheck KEV
added 2024/10/29 12:0 a.m., 2 views

VulnCheck KEV: CVE-2024-51568

CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters...

10 CVSS, 7.9 AI score, 0.45682 EPSS
Exploits 4, References 1
CVE
added 2024/10/29 12:0 a.m., 120 views

CVE-2024-51568

CyberPanel pre-2.3.5 is affected by a critical, unauthenticated pre-auth RCE via command injection in the file upload path. Specifically, CVE-2024-51568 exploits the completePath parameter in the ProcessUtilities.outputExecutioner() sink, enabling remote code execution through /filemanager/upload...

10 CVSS, 8.7 AI score, 0.45682 EPSS
Exploits 4, References 4, Affected Software 1
CNVD
added 2020/04/07 12:0 a.m., 5 views

Project Worlds Official Car Rental System Code Issue Vulnerability

Project Worlds Official Car Rental System is a PHP and MySQL based car rental system. A code issue exists in the upload section of the file manager page in Project Worlds Official Car Rental System version 1. The vulnerability can be exploited to run commands on the server via the addcars.php fil...

7.2 CVSS, 7.3 AI score, 0.01112 EPSS
Exploits 1
Cvelist
added 2018/10/31 4:0 p.m., 21 views

CVE-2018-18874

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=filemanagerupload URI...

9.8 AI score, 0.02062 EPSS
Exploits 1, References 1
OSV
added 2018/05/15 1:29 a.m., 1 views

CVE-2018-11098

An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/filemanager/upload URI, a similar issue to CVE-2014-4912...

7.2 CVSS, 5.8 AI score, 0.01417 EPSS
Exploits 1, References 1