7195 matches found
CVE-2024-48180
ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in /class/cms/cms.php, which can include a file uploaded to the /class/template directory to execute PHP code...
CVE-2024-48180
CVE-2024-48180 affects ClassCMS versions ≤ 4.8. The issue is a file inclusion in the nowView method of /class/cms/cms.php, which can include a file uploaded to /class/template, allowing PHP code execution. Documented impact indicates high confidentiality, integrity, and availability impact with a...
Exploit for CVE-2024-9441
CVE-2024-9441 Description of the Vulnerability: This code exp...
CVE-2024-43363 Remote code execution via Log Poisoning in Cacti
Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing PHP code and repeat the installation process (completing only step 5 of the installation process is enough; there is no need to complete the steps before or after it) to...
CVE-2024-44014 WordPress Vmax Project Manager plugin <= 1.0 - Local File Inclusion to RCE vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vmax Studio Vmax Project Manager vmax-project-manager allows PHP Local File Inclusion. This issue affects Vmax Project Manager: from n/a through <= 1.0...
ViciDial 2.0.5 Cross Site Request Forgery
Title: ViciDial Call Center - astguiclient - thirtieth public release 2.0.5 CSRF Add Admin Vulnerability | Author: indoushka | Tested on: windows ...
Exploit for CVE-2024-9162
CVE-2024-9162 All-in-One WP Migration and Backup SELECT op...
CVE-2024-7149
CVE-2024-7149 — The Event Manager/Events Calendar/Tickets/Registrations – Eventin WordPress plugin (
CVE-2024-7149 Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.8 - Authenticated (Contributor+) Local File Inclusion
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, t...
CVE-2024-8704
The Advanced File Manager plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 5.2.8 via the 'fmalocale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrar...
Car Rental Project 1.0 Code Injection
Title: Car Rental Project 1.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser : Mozilla firefox 130.0...
VulnCheck KEV: CVE-2024-7954
The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...
Exploit for OS Command Injection in Dolibarr Dolibarr_Erp/Crm
CVE-2023-3025...
Membership Management System 1.0 Code Injection
Title: Membership Management System version 1.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser :...
SPIP BigUp 4.0 Code Injection
Title: SPIP BigUp 4.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bi...
Auto/Taxi Stand Management System 1.0 PHP Code Injection
Title: Auto/Taxi Stand Management System 1.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser : Mozill...
SPIP BigUp 4.3.1 / 4.2.15 / 4.1.17 Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SPIP BigUp Plugin Unauthenticated RCE', 'Description' = %q This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP...
SPIP BigUp Plugin Unauthenticated RCE
This module exploits a Remote Code Execution vulnerability in the BigUp plugin of SPIP. The vulnerability lies in the listerfichiersparchamps function, which is triggered when the bigupretrouverfichiers parameter is set to any value. By exploiting the improper handling of multipart form data in...
Profiling System 1.0 Shell Upload
Title: Profiling System 1.0 code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser : Mozilla firefox 129.0.1 64...
Online Marriage Registration System 1.0 Shell Upload
Title: Online Marriage Registration System 1.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser :...