PbootCMS Arbitrary PHP Code Execution Vulnerability

PbootCMS is a new core open source enterprise building system developed by Avantech. An arbitrary PHP code execution vulnerability exists in PbootCMS 1.2.2. A remote attacker can exploit this vulnerability by specifying a .php file name in the "SET GLOBAL generallogfile" statement and a subsequen...

Cross site request forgery (csrf)

An issue was discovered in PopojiCMS v2.0.1. admincomponent.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code that is extracted and can be executed. This can also be exploited via CSRF...

CVE-2018-18934

An issue was discovered in PopojiCMS v2.0.1. admincomponent.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code that is extracted and can be executed. This can also be exploited via CSRF...

CVE-2018-18934

An issue was discovered in PopojiCMS v2.0.1. admincomponent.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code that is extracted and can be executed. This can also be exploited via CSRF...

CVE-2018-18934

PopojiCMS v2.0.1 is affected by CVE-2018-18934. The vulnerability lies in admin_component.php, exploitable through the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code, which is extracted and can be executed. This is...

Media File Manager <= 1.4.2 - Authenticated Multiple Vulnerabilities

Following the PoC you can combine the vulnerabilities to obtain PHP code execution and read sensitive file. By default the File Manager can only be used by Administrator users, however, any user role can be configured to use it. PoC Diretory Trasversal: POST /wordpress/wp-admin/admin-ajax.php...

WordPress 4.2.x < 4.2.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...

Code injection

MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the sitename field in mcconf.php...

CVE-2018-18892

MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the sitename field in mcconf.php...

CVE-2018-18892

MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the sitename field in mcconf.php...

CVE-2018-18874

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=filemanagerupload URI...

Code injection

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=filemanagerupload URI...

CVE-2018-18835

uploadtemplate in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file...

Cross site request forgery (csrf)

CSRF exists in zbusers/plugin/AppCentre/theme.js.php in Z-BlogPHP 1.5.2.1935 Zero, which allows remote attackers to execute arbitrary PHP code...

Code injection

uploadtemplate in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file...

CVE-2018-18835

uploadtemplate in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file...

Notes Manager 1.0 - Arbitrary File Upload

Exploit Title: Notes Manager 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-30 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.webprojectbuilder.com/item/notes-management Software Link: https://astuteinternet.dl.sourceforge.net/project/notes-manager/notesmanagement.zip Version: 1.0...

CVE-2018-18771

An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields...

CVE-2018-18752

Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter...

CVE-2018-18752

Webiness Inventory 2.3 suffers from an Arbitrary File upload vulnerability via PHP code in the protected/library/ajax/WsSaveToModel.php logo parameter...