CVE-2019-5009

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "" tags, as demonstrated by a CompanyDetailsSave action...

CVE-2018-20599

UCMS 1.4.7 allows remote attackers to execute arbitrary PHP code by entering this code during an index.php sadminfileedit action...

CVE-2018-20129: DedeCMS V5. 7 SP2 front Desk file upload getshell vulnerability alerts-a vulnerability alert-the black bar safety net

2018-12-11 in CVE Chinese application station published a DEDECMS 5.7 SP2 is the latest version there is a file upload vulnerability, with administrator privileges can exploit this vulnerability to upload and getshell execute arbitrary PHP code. After analysis and verification. The vulnerability...

WordPress Snap Creek Duplicator Code Injection Exploit

When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters befo...

Snap Creek Duplicator WordPress plugin code injection

When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters befo...

CVE-2018-19422

/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these...

Code injection

An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI...

Exploit for Improper Authentication in Phpmyadmin

CVE-2018-12613 Local file inclusion bug due to filter bypass u...

CVE-2018-19053

PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL generallogfile" statement, followed by a SELECT statement containing this PHP code...

CVE-2018-18934

PopojiCMS v2.0.1 is affected by CVE-2018-18934. The vulnerability lies in admin_component.php, exploitable through the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code, which is extracted and can be executed. This is...

Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities

Following the PoC you can combine the vulnerabilities to obtain PHP code execution and read sensitive file. By default the File Manager can only be used by Administrator users, however, any user role can be configured to use it. PoC Diretory Trasversal: POST /wordpress/wp-admin/admin-ajax.php...

CVE-2018-18892

MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the sitename field in mcconf.php...

Code injection

MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the sitename field in mcconf.php...

Code injection

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=filemanagerupload URI...

CVE-2018-18426

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...

CVE-2018-18258

An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI...

CVE-2018-18258

CVE-2018-18258 affects BageCMS 3.1.3. The vulnerability allows an attacker to execute arbitrary PHP code on the web server and read any file via the URI index.php?r=admini/template/updateTpl&filename=, indicating a server-side code execution and information disclosure risk. The NVD entry assigns ...

CVE-2018-18083

CVE-2018-18083 affects DuomiCMS 3.0. Affected component: search.php, where the parameter searchword is processed and unsafely uses eval during if processing, enabling remote PHP code execution. This yields high/severe impact (NVD CVSS3: 9.8, CRITICAL; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Exploit...

CVE-2018-17442

An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code...

CVE-2018-17827

HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php...