
11 matches found

Nuclei
added yesterday | 17 views

CyberPanel - Command Injection

CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters. id: CVE-2024-51568 info: name: CyberPanel - Comman...

CVSS 10 | AI score 8.6 | EPSS 0.93044
Exploits: 4 | References: 4
EUVD
added 2026/04/14 10:29 p.m. | 1 views

EUVD-2026-22705

October Rain has Stored XSS via SVG Filter Bypass...

CVSS 4.8 | AI score 5.8 | EPSS 0.00009
Exploits: 0 | References: 2
NVD
added 2026/04/14 9:16 p.m. | 2 views

CVE-2026-25133

October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting XSS vulnerability in the SVG sanitization logic. The regex pattern used to strip event handler attributes such as onclick or onload could be bypassed using a...

CVSS 4.8 | EPSS 0.00009
Exploits: 0 | References: 1
CVE
added 2025/06/02 12:0 a.m. | 53 views

CVE-2025-5420

CVE-2025-5420 affects juzaweb CMS up to version 3.4.2. The vulnerability is an XSS in the Upload parameter of /admin-cp/file-manager/upload on the Profile Page due to improper input handling. It can be exploited remotely and the exploit has been disclosed publicly. Multiple sources confirm the is...

CVSS 5.4 | AI score 6.1 | EPSS 0.0016
Exploits: 1 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/02/05 3:21 a.m. | 3 views

CVE-2024-51568

CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters...

CVSS 10 | AI score 7.8 | EPSS 0.93044
Exploits: 4 | References: 1
VulnCheck KEV
added 2024/10/29 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2024-51568

CyberPanel aka Cyber Panel before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner sink. There is /filemanager/upload aka File Manager upload unauthenticated remote code execution via shell metacharacters...

CVSS 10 | AI score 7.9 | EPSS 0.93044
Exploits: 4 | References: 1
CVE
added 2024/10/29 12:0 a.m. | 119 views

CVE-2024-51568

CyberPanel pre-2.3.5 is affected by a critical, unauthenticated pre-auth RCE via command injection in the file upload path. Specifically, CVE-2024-51568 exploits the completePath parameter in the ProcessUtilities.outputExecutioner() sink, enabling remote code execution through /filemanager/upload...

CVSS 10 | AI score 8.7 | EPSS 0.93044
Exploits: 4 | References: 4 | Affected Software: 1
OSV
added 2024/10/27 8:15 a.m. | 3 views

CVE-2024-10412

A vulnerability was found in Poco-z Guns-Medical 1.0. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /mgr/upload of the component File Upload. The manipulation of the argument picture leads to cross site scripting. The attack can be launched...

CVSS 5.4 | AI score 3.8
Exploits: 0 | References: 4
CNVD
added 2020/04/07 12:0 a.m. | 3 views

Project Worlds Official Car Rental System Code Issue Vulnerability

Project Worlds Official Car Rental System is a PHP and MySQL based car rental system. A code issue exists in the upload section of the file manager page in Project Worlds Official Car Rental System version 1. The vulnerability can be exploited to run commands on the server via the addcars.php fil...

CVSS 7.2 | AI score 7.3 | EPSS 0.00435
Exploits: 1
Cvelist
added 2018/10/31 4:0 p.m. | 14 views

CVE-2018-18874

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=filemanagerupload URI...

AI score 9.8 | EPSS 0.00669
Exploits: 1 | References: 1
OSV
added 2018/05/15 1:29 a.m. | 0 views

CVE-2018-11098

An issue was discovered in Frog CMS 0.9.5. There is a file upload vulnerability via the admin/?/plugin/filemanager/upload URI, a similar issue to CVE-2014-4912...

CVSS 7.2 | AI score 5.8 | EPSS 0.00406
Exploits: 1 | References: 1