122 matches found

OSV
added 2022/12/12 6:15 p.m. | 3 views

CVE-2022-3989

The Motors WordPress plugin before 1.4.4 does not properly validate uploaded files for dangerous file types such as .php in an AJAX action, allowing an attacker to sign up on a victim's WordPress instance, upload a malicious PHP file and attempt to launch a brute-force attack to discover the...

CVSS 8.8 | AI score 5.8 | EPSS 0.01048
Exploits: 2 | References: 1

WPVulnDB
added 2022/11/28 12:0 a.m. | 17 views

JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload

The plugin does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. PoC Setup: 1. Install the vulnerable plugin jobboardwp version 1.2.1 2. In the toast message that appears on the plugin's...

CVSS 7.5 | AI score 2.3 | EPSS 0.01354
Exploits: 2 | Affected Software: 1

Metasploit
added 2022/09/29 7:52 p.m. | 238 views

qdPM 9.1 Authenticated Arbitrary PHP File Upload (RCE)

A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users'photoppreview' delete photo feature, allowing bypass of .htaccess protection...

CVSS 8.8 | AI score 8.8 | EPSS 0.14399
Exploits: 4

Packet Storm
added 2022/06/20 12:0 a.m. | 308 views

Multi Language Pharmacy Management System 1.0 Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Vendor: https://www.mayurik.com/source-code/P0349/best-pharmacy-billing-software-free-download Source:...

AI score 7.4
Exploits: 0

OSV
added 2022/05/10 12:15 p.m. | 18 views

CVE-2021-42645

CMSimpleXH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host...

CVSS 10 | AI score 7.8
Exploits: 0 | References: 2

NVD
added 2022/05/10 12:15 p.m. | 8 views

CVE-2021-42645

CMSimpleXH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host...

CVSS 10 | EPSS 0.04192
Exploits: 1 | References: 2

Prion
added 2022/05/10 12:15 p.m. | 16 views

Design/Logic Flaw

CMSimpleXH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host...

CVSS 10 | AI score 9.7 | EPSS 0.04192
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2022/05/10 11:14 a.m. | 76 views

CVE-2021-42645

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability that can be triggered by the File parameter to upload a PHP payload and obtain a reverse shell on the vulnerable host. The CVE entry (CVE-2021-42645) and multiple connected sources corroborate an RCE path via file upload...

CVSS 10 | AI score 9.8 | EPSS 0.04192
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/05/10 11:14 a.m. | 10 views

CVE-2021-42645

CMSimpleXH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host...

AI score 10 | EPSS 0.04192
Exploits: 1 | References: 2

GithubExploit
added 2022/03/14 5:10 p.m. | 489 views

Exploit for Code Injection in Digitaldruid Hoteldruid

CVE-2022-22909 Hotel Druid 3.0.3 - Remote Code Execution (RCE)...

CVSS 8.8 | AI score 9 | EPSS 0.45434
Exploits: 6

0day.today
added 2021/07/15 12:0 a.m. | 106 views

osCommerce 2.3.4.1 - Remote Code Execution Exploit (2)

Exploit Title: osCommerce 2.3.4.1 - Remote Code Execution 2 Vulnerability: Remote Command Execution when /install directory wasn't removed by the admin Exploit: Exploiting the install.php finish process by injecting php payload into the dbdatabase parameter & read the system command output from...

AI score 7.4
Exploits: 0

0day.today
added 2021/05/10 12:0 a.m. | 94 views

Microweber CMS 1.1.20 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is disabled by...

CVSS 7.2 | AI score 0.1 | EPSS 0.16611
Exploits: 4

Packet Storm
added 2021/04/23 12:0 a.m. | 399 views

Document Management System 1.0 SQL Injection / Remote Code Execution

Exploit Title: Document Management System - SQL Injection to RCE webshell Date: 23/04/21 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/7652/document-management-system.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 !/usr/bin/python3 import...

AI score 0.6
Exploits: 0

Packet Storm
added 2021/01/20 12:0 a.m. | 146 views

Church Rota 2.6.4 Shell Upload

import requests from pwn import listen CVE-2021-3164 Church Rota version 2.6.4 is vulnerable to authenticated remote code execution. The user does not need to have file upload permission in order to upload and execute an arbitrary file. The application is written primarily with PHP so we use PHP ...

AI score 8.9 | EPSS 0.0415
Exploits: 3

NVD
added 2020/11/05 2:15 a.m. | 22 views

CVE-2020-27387

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker with access to the FileManager to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload which will receiv...

CVSS 8.8 | AI score 9.5 | EPSS 0.18461
Exploits: 4 | References: 4

0day.today
added 2020/02/29 12:0 a.m. | 1283 views

qdPM < 9.1 - Remote Code Execution Exploit

Exploit for multiple platform in category web applications !/usr/bin/python Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an...

CVSS 6.5 | AI score 8.8 | EPSS 0.83235
Exploits: 16

Packet Storm
added 2020/02/28 12:0 a.m. | 128 views

qdPM Remote Code Execution

!/usr/bin/python Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an exploit to automatically upload a PHP web shell to the qdPM...

CVSS 6.5 | AI score 8.7 | EPSS 0.83235
Exploits: 16

Exploit DB
added 2020/02/28 12:0 a.m. | 375 views

qdPM < 9.1 - Remote Code Execution

!/usr/bin/python Title: qdPM Webshell Upload + RCE Exploit qdPMv9.1 and below CVE-2020-7246 Author: Tobin Shields @TobinShields Description: This is an exploit to automatically upload a PHP web shell to the qdPM...

CVSS 8.8 | AI score 8.7 | EPSS 0.83235
Exploits: 16

0day.today
added 2019/02/28 12:0 a.m. | 65 views

Feng Office 3.7.0.5 - Remote Command Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command...

AI score 0.1
Exploits: 0

Exploit DB
added 2019/02/28 12:0 a.m. | 274 views

Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command Execution', 'Description' = %q This module exploits arbitrar...

AI score 7.4
Exploits: 0