Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
•added 2026/01/09 11:28 a.m.•10 views

CVE-2021-33352

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...

9.8CVSS7.8AI score0.01361EPSS
Exploits1References1
NVD
NVD
•added 2025/12/17 11:15 p.m.•5 views

CVE-2023-53924

UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution...

8.8CVSS0.00794EPSS
Exploits1References3
CNNVD
CNNVD
•added 2025/12/17 12:0 a.m.•4 views

Serendipity ä»£ē é—®é¢˜ę¼ę“ž

Serendipity is a PHP-based blogging system by the Serendipity team. The system supports the creation of online journals, blogs, web pages, and more. A code issue vulnerability exists in Serendipity version 2.4.0, which stems from an authenticated attacker being able to upload malicious PHP files...

8.8CVSS7.7AI score0.00874EPSS
Exploits1References4
NVD
NVD
•added 2025/12/15 9:15 p.m.•4 views

CVE-2023-53885

Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded fil...

8.6CVSS0.00794EPSS
Exploits1References3
EUVD
EUVD
•added 2025/10/07 12:30 a.m.•10 views

EUVD-2021-19460

Malware in sbrugna...

9.6CVSS8.6AI score0.01562EPSS
Exploits1References4
Packet Storm
Packet Storm
•added 2025/04/11 12:0 a.m.•160 views

šŸ“„ GetSimpleCMS Shell Upload

GetSimple CMS versions prior to 3.3.16 suffer from a remote code execution vulnerability via a PHAR file upload in admin/upload.php. Exploit Title: GetSimpleCMS 2. Write a PHP script to create the .phar file: Use the Phar class in PHP to package the index.php file into a .phar archive. Create a...

7.2CVSS7.2AI score0.07548EPSS
Exploits3
Exploit DB
Exploit DB
•added 2025/04/11 12:0 a.m.•219 views

GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)

Exploit Title: GetSimpleCMS 3.3.16 - Remote Code Execution RCE Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/GetSimpleCMS/GetSimpleCMS Software Link: https://github.com/GetSimpleCMS/GetSimpleCMS Version: 3.3.16 Tested on: Ubuntu Windows CVE : CVE-2021-28976 PoC-1...

7.2CVSS7AI score0.07548EPSS
Exploits3
NVD
NVD
•added 2023/03/08 10:15 p.m.•25 views

CVE-2021-33352

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...

9.8CVSS9.7AI score0.01361EPSS
Exploits1References2
Prion
Prion
•added 2023/03/08 10:15 p.m.•16 views

Design/Logic Flaw

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...

7.5CVSS9.6AI score0.01361EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
•added 2023/03/08 12:0 a.m.•22 views

CVE-2021-33352

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...

9.8AI score0.01361EPSS
Exploits1References2
Vulnrichment
Vulnrichment
•added 2023/03/08 12:0 a.m.•6 views

CVE-2021-33352

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...

8.1AI score0.01361EPSS
Exploits1References2
CVE
CVE
•added 2023/03/08 12:0 a.m.•58 views

CVE-2021-33352

Wyomind Help Desk Magento 2 extension, v1.3.6 and earlier, is affected by a code execution vulnerability triggered by uploading a phar file via the ticket message field. The issue allows arbitrary code execution on the server and is tracked as CVE-2021-33352 with a CVSS v3.1 base score of 9.8 (CR...

9.8CVSS9.6AI score0.01361EPSS
Exploits1References2Affected Software1
NVD
NVD
•added 2021/05/20 5:15 p.m.•16 views

CVE-2021-32630

Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could...

9.6CVSS0.01562EPSS
Exploits1References3
CVE
CVE
•added 2021/05/20 4:45 p.m.•67 views

CVE-2021-32630

CVE-2021-32630 affects Admidio prior to version 4.0.4, where an authenticated user with upload permissions can exploit the Documents & Files upload feature to achieve remote code execution via a .phar-renamed PHP web shell. The payload can trigger a reverse or bind shell when the uploaded file is...

9.6CVSS8.7AI score0.01562EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
•added 2018/11/05 12:0 a.m.•18 views

Joomla! 3.1.x < 3.8.8 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...

9.8CVSS7.7AI score0.03798EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
•added 2018/11/05 12:0 a.m.•28 views

Joomla! 3.3.x < 3.8.8 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...

9.8CVSS7.7AI score0.03798EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
•added 2018/11/05 12:0 a.m.•20 views

Joomla! 3.2.x < 3.8.8 Multiple Vulnerabilities

According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - ACL violation in access levels affects Joomla 2.5.0 through 3.8.7 - Adding phar files to the upload blacklist affects Joomla 2.5.0 through 3.8.7 - Information Disclosure abo...

9.8CVSS7.7AI score0.03798EPSS
Exploits0References17
Rows per page
Query Builder