PT-2025-18203

Name of the Vulnerable Software and Affected Versions ShowDoc versions prior to 2.8.7 Description An unrestricted file upload issue caused by improper validation of file extensions allows unauthenticated attackers to upload arbitrary PHP files, such as web shells, leading to remote code execution...

CVE-2025-2101 Edumall <= 4.2.4 - Unauthenticated Local File Inclusion

The Edumall theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.2.4 via the 'template' parameter of the 'edumalllazyloadtemplate' AJAX action. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files on the serve...

Exploit for Code Injection in Ispconfig

CVE-2023-46818 Python Exploit 🔥 Description This Python e...

CVE-2025-24801

GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of .php files located on the GLPI server. This vulnerability is fixed in 10.0.18...

CVE-2025-24801 GLPI allows authenticated remote code execution

GLPI is a free asset and IT management software package. An authenticated user can upload and force the execution of .php files located on the GLPI server. This vulnerability is fixed in 10.0.18...

ABB Cylon Aspect 3.08.01 Shell Upload

ABB Cylon Aspect version 3.08.01 proof of concept remote shell upload exploit. Original discovery of this issue is attributed to LiquidWorm. ============================================================================================================================================= | Title : ABB...

Remote Code Execution

NagVis is vulnerable to Remote Code Execution RCE. The vulnerability is due to the ability of an authenticated administrator to upload a malicious PHP file and modify configuration settings, and attackers can exploit this to execute arbitrary PHP code on the server...

Mautic 安全漏洞

Mautic is an open source marketing automation application. An arbitrary file upload vulnerability exists in Mautic versions prior to 5.2.3, which stems from insufficient validation of uploaded file extensions and improper handling of file paths. An attacker can exploit this vulnerability to uploa...

WordPress plugin Head, Footer and Post Injections 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code injection vulnerability exists in th...

CVE-2024-5503

The WP Blog Post Layouts plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the...

CVE-2024-10898

The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7emailaddonaddadmintemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute...

CVE-2024-45398

Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does...

CVE-2025-0682

CVE-2025-0682 (ThemeREX Addons for WordPress) is an authenticated Local File Inclusion vulnerability affecting ThemeREX Addons versions up to and including 2.33.0. An attacker with contributor-level (or higher) privileges can abuse the trx_sc_reviews shortcode’s type attribute to include and exec...

CVE-2024-13408

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' attribute of the pgcu shortcode. This makes it possible for authenticated attacker...

PT-2025-2161 · WordPress · Post Grid

Name of the Vulnerable Software and Affected Versions: Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress versions up to, and including, 1.6.10 Description: The issue allows authenticated attackers, with Contributor-level access and...

CVE-2024-13593

The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmltmeetingmap' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on th...

CVE-2024-13295

CVE-2024-13295 affects Drupal Node export module for Drupal 7.X-* before 7.X-3.3. Root cause is deserialization of untrusted data, leading to object injection and potential arbitrary code execution. Affected software: Drupal Node export module (7.X-*, prior to 7.X-3.3). Impact per sources: possib...

CVE-2024-13265 Opigno Learning path - Critical - Arbitrary PHP code execution - SA-CONTRIB-2024-029

Improper Neutralization of Directives in Statically Saved Code 'Static Code Injection' vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2...

CVE-2024-11642 Post Grid Master <= 3.4.12 - Missing Authorization to Unauthenticated Local PHP File Inclusion

The Post Grid Master – Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locatetemplate' function. This makes it...

WordPress plugin WP Travel Engine 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...