5 matches found
CVE-2024-7863 Favicon Generator < 2.1 - Arbitrary File Upload via CSRF
The Favicon Generator CLOSED WordPress plugin before 2.1 does not validate files to be uploaded and does not have CSRF checks, which could allow attackers to make logged in admin upload arbitrary files such as PHP on the server...
CVE-2021-24349 Gallery From Files <= 1.6.0 - Reflected Cross-Site Scripting (XSS)
This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lac...
VestaCP 0.9.8 - File Upload CSRF
Exploit Title: VestaCP 0.9.8 - File Upload CSRF Exploit Author: Fady Othman Date: 16-03-2021 Vendor Homepage: https://vestacp.com/ Software Link: https://github.com/myvesta/vesta Version: Vesta Control Panel aka VestaCP through 0.9.8-27 and myVesta through 0.9.8-26-39 CVE ID: CVE-2021-28379 Patch...
CVE-2016-10756
Kliqqi 3.0.0.5 allows CSRF with resultant Arbitrary File Upload because module.php?module=upload can be used to configure the uploading of .php files, and then modules/upload/uploadmain.php can be used for the upload itself...
Destoon B2B 2014-05-21最新版csrf getshell
简要描述: 上传问题+csrf+后台任意命令执行 = csrf getshell 详细说明: 先说上传问题,自带的fck编辑器没有验证上传图片的合法性,只判断了后缀名。 可以通过上传一个.jpg后缀的swf来进行csrf 然后是后台命令执行 /member/admin/sendmail.inc.php 行151 default: ifisset$send ifisset$preview && $preview $content = stripslashes$content; if$template if$sendtype == 2 $emails = explode"\n",...