
57 matches found

ATTACKERKB
added 2026/01/15 3:52 p.m. · 4 views

CVE-2021-47758

Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can generate and upload a ZIP plugin with a PHP backdoor that enables...

8.8 CVSS · 6.7 AI score · 0.00852 EPSS
Exploits: 1 · References: 4 · Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-15771

Malicious code in bioql PyPI...

8.8 CVSS · 8.5 AI score · 0.00821 EPSS
Exploits: 2 · References: 1

Vulnrichment
added 2025/09/16 12:0 a.m. · 2 views

CVE-2025-56295

code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions...

6.5 AI score · 0.00034 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2025/08/08 12:0 a.m. · 3 views

PT-2025-32395 · Unknown · Sflog! Cms

Name of the Vulnerable Software and Affected Versions: Sflog! CMS version 1.0 Description: Sflog! CMS version 1.0 contains an authenticated arbitrary file upload issue in the blog management interface. The application includes default credentials admin:secret and permits authenticated users to...

8.7 CVSS · 7.6 AI score · 0.47587 EPSS
Exploits: 0 · References: 6

RedhatCVE
added 2025/05/22 10:23 a.m. · 4 views

CVE-2019-9858

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...

8.8 CVSS · 7.4 AI score · 0.79838 EPSS
Exploits: 3 · References: 1

Packet Storm
added 2025/04/10 12:0 a.m. · 239 views

📄 flatCore 1.5.5 Shell Upload

flatCore version 1.5.5 suffers from a remote shell upload vulnerability. Exploit Title: flatCore Arbitrary .php File Upload via acp/acp.php Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/flatCore/flatCore-CMS Software Link: https://github.com/flatCore/flatCore-CMS...

7.2 CVSS · 7.1 AI score · 0.08267 EPSS
Exploits: 3

Packet Storm
added 2024/10/14 12:0 a.m. · 354 views

MagnusBilling 7.x Command Injection

Title: MagnusBilling 7.x Code Injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0.2 64 bit...

7.4 AI score
Exploits: 0

GithubExploit
added 2023/08/05 1:43 a.m. · 463 views

Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller

Citrix ADC RCE CVE-2023-3519 This exploit uses addresses and s...

9.8 CVSS · 9.9 AI score · 0.93629 EPSS
Exploits: 16

GithubExploit
added 2023/07/21 8:17 p.m. · 343 views

Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller

Citrix ADC RCE CVE-2023-3519 This exploit uses addresses and s...

9.8 CVSS · 9.9 AI score · 0.93629 EPSS
Exploits: 16

Packet Storm
added 2023/04/03 12:0 a.m. · 347 views

MyBB 1.8.32 Remote Code Execution

Exploit Title: MyBB 1.8.32 - Chained LFI Remote Code Execution RCE Authenticated Date: 2023-01-19 Exploit Author: lUc1f3r11 https://github.com/FDlucifer Vendor Homepage: https://mybb.com/ Software Link: https://github.com/mybb/mybb/releases/tag/mybb1832 Version: MyBB 1.8.32 Tested on: Linux CVE :...

6.8 AI score
Exploits: 0

Prion
added 2022/03/21 7:15 p.m. · 13 views

Spoofing

The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom "Amelia Manager" role...

6.5 CVSS · 8.6 AI score · 0.00821 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

CVE
added 2022/03/21 6:55 p.m. · 76 views

CVE-2022-0687

Affected software: Amelia WordPress plugin (prior to 1.0.47). Vulnerability summary: Stores image blobs into actual files with a user-controlled extension, which may allow uploading of PHP backdoors. Impact (as stated): PHP backdoors on the site when exploited by a logged-in user (Amelia Manager ...

8.8 CVSS · 8.7 AI score · 0.00821 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

CNNVD
added 2022/03/21 12:0 a.m. · 2 views

WordPress plugin Amelia code issue vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. A code issue exists in the WordPress plugin Amelia prior to...

8.8 CVSS · 8 AI score · 0.00821 EPSS
Exploits: 2 · References: 2

Packet Storm
added 2021/03/30 12:0 a.m. · 440 views

GetSimple CMS 3.3.16 Cross Site Scripting / Shell Upload

Exploit Title: GetSimple CMS 3.3.16 - Reflected XSS to RCE Exploit Author: Bobby Cooke boku Discovery Credits: Bobby Cooke boku & Adeeb Shah @hyd3sec Date: March 29th, 2021 CVE ID: CVE-2020-23839 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23839 Vendor Homepage: http://get-simple.in...

4.3 CVSS · 0.3 AI score · 0.1692 EPSS
Exploits: 5

Check Point Advisories
added 2020/05/24 12:0 a.m. · 0 views

WordPress Compromised Installed Servers Remote Code Execution

A PHP backdoor vulnerability exists in compromised installation of WordPress sites. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.7 AI score
Exploits: 0

Malwarebytes
added 2019/07/18 3:0 p.m. · 97 views

No man’s land: How a Magecart group is running a web skimming operation from a war zone

Our Threat Intelligence team has been monitoring the activities of a number of threat actors involved in the theft of credit card data. Often referred to under the Magecart moniker, these groups use simple pieces of JavaScript code skimmers typically injected into compromised e-commerce websites ...

0.1 AI score
Exploits: 0

0day.today
added 2019/06/26 12:0 a.m. · 340 views

SeedDMS versions < 5.1.11 - Remote Command Execution Exploit

Exploit for php platform in category web applications Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions "; $cmd = $REQUEST'cmd'; system$cmd; echo ""; die; ? Step 3: Now after uploading the file check the document id corresponding to the document. Step 4:...

6 CVSS · 0.2 AI score · 0.32766 EPSS
Exploits: 9

Exploit DB
added 2019/06/24 12:0 a.m. · 220 views

SeedDMS versions < 5.1.11 - Remote Command Execution

Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions "; $cmd = $REQUEST'cmd'; system$cmd; echo ""; die; ? Step 3: Now after uploading the file check the document id corresponding to the document. Step 4: Now go to...

7.5 CVSS · 7.8 AI score · 0.32766 EPSS
Exploits: 9

Packet Storm
added 2019/06/24 12:0 a.m. · 121 views

SeedDMS Remote Command Execution

Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions "; $cmd = $REQUEST'cmd'; system$cmd; echo ""; die; ? Step 3: Now after uploading the file check the document id corresponding to the document. Step 4: Now go to...

6 CVSS · 7.5 AI score · 0.32766 EPSS
Exploits: 9

OSV
added 2019/05/29 5:29 p.m. · 19 views

CVE-2019-9858

Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit is called on uploads, it invokes the functions getImage and getUpload, which uses...

8.8 CVSS · 7.3 AI score
Exploits: 0 · References: 5