21 matches found
📄 Monsta FTP 2.11 Remote File Injection
This Metasploit module exploits a vulnerability in Monsta FTP version 2.11 and enables remote file injection by creating a malicious FTP server. The application builds this server to upload a malicious PHP file reverse shell. After the file is uploaded, the module immediately verifies the...
CVE-2025-34506
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...
CVE-2025-34506
WBCE CMS is affected: version 1.6.3 and earlier are vulnerable to authenticated remote code execution via uploading a malicious module. The flaw arises when an administrator can upload a ZIP module containing embedded PHP reverse shell code, enabling remote system access when installed. Exploitat...
PT-2025-50767
Name of the Vulnerable Software and Affected Versions WBCE CMS versions prior to 1.6.3 WBCE CMS version 1.6.3 Description WBCE CMS versions 1.6.3 and earlier have a flaw that permits administrators to execute code remotely by uploading malicious modules. An attacker can create a ZIP module...
CVE-2022-36667
Garage Management System 1.0 is vulnerable to the Remote Code Execution RCE due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE...
Exploit for Unrestricted Upload of File with Dangerous Type in Limesurvey
CVE-2021-44967 Exploit Title: LimeSurvey 5.2.4 - Authen...
Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck
CVE-2023-50564 PoC This repository contains a Proof of Con...
Exploit for Improper Privilege Management in Openwebanalytics Open_Web_Analytics
CVE-2022-24637 Open Web Analytics 1.7.3 - Remote Code Executio...
CVE-2022-36667
Garage Management System 1.0 is vulnerable to the Remote Code Execution RCE due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE...
CVE-2022-36667
Garage Management System 1.0 is vulnerable to the Remote Code Execution RCE due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE...
Design/Logic Flaw
Garage Management System 1.0 is vulnerable to the Remote Code Execution RCE due to the lack of filtering from the file upload function. The vulnerability exist during adding parts and from the upload function, the attacker can upload PHP Reverse Shell straight away to gain RCE...
WPanel 4.3.1 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: WPanel 4.3.1 - Remote Code Execution RCE Authenticated Date: 07/06/2021 Exploit Author: Sentinal920 Vendor Homepage: https://github.com/wpanel Software Link: https://github.com/wpanel/wpanel4-cms Version: 4.3.1 Tested on: Linux import requests import random,string Change This url =...
WPanel 4.3.1 Remote Code Execution
Exploit Title: WPanel 4.3.1 - Remote Code Execution RCE Authenticated Date: 07/06/2021 Exploit Author: Sentinal920 Vendor Homepage: https://github.com/wpanel Software Link: https://github.com/wpanel/wpanel4-cms Version: 4.3.1 Tested on: Linux import requests import random,string Change This url =...
Hotel Management System 1.0 - Cross-Site Scripting (XSS) Arbitrary File Upload Remote Code Execution (RCE)
Exploit Title: Hotel Management System 1.0 - Cross-Site Scripting XSS Arbitrary File Upload Remote Code Execution RCE Date: 2021-08-01 Exploit Author: Merbin Russel Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7204 Version: V1.0...
Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution Exploit
Exploit Title: Alphaware E-Commerce System 1.0 - Unauthenicated Remote Code Execution File Upload + SQL injection Exploit Author: Christian Vierschilling Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/php/11676/alphaware-simple-e-commerce-system.html...
PhreeBooks 5.2.3 Remote Code Execution
Exploit Title: PhreeBooks 5.2.3 - Remote Code Execution Date: 22 Jan 2021 Exploit Author: Kr0ff Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: 5.2.3 Tested on: Windows Server 2016 !/usr/bin/env python3 ''' DESCRIPTION: - PhreeBooks...
CS-Cart 1.3.3 - authenticated RCE
Exploit Title: CS-Cart authenticated RCE Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.3 Vulnerability Type: authenticated RCE get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell edit ...
CMS Made Simple 2.2.14 Shell Upload
!/usr/bin/python3 -- coding: utf-8 -- Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload Authenticated Google Dork: N/A Date: 2020-08-31 Exploit Author: Luis Noriega @nogagmx Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
HomeAutomation 3.3.2 CSRF / Code Execution
HomeAutomation v3.3.2 CSRF Remote Command Execution PHP Reverse Shell PoC Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Summary: HomeAutomation is an open-source web interface and scheduling solution. It was initially made for use...
PHP serialize/object injection vulnerability exploit-vulnerability warning-the black bar safety net
! This article is about PHP serialize/object injection vulnerability analysis of the short story, which tells about how to get the host of the remote shell. If you want to learn more about PHP serialized content, please visit this link. If you want to test this vulnerability, you can by XVWA and...