CVE-2021-47943

TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by uploading malicious PHP files through the file upload functionality. Attackers can upload a PHP shell via the Files section in the content area and execute...

EUVD-2017-7298

Malware in sbrugna...

EUVD-2021-11893

Malware in sbrugna...

CVE-2021-24981

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory...

WP Time Capsule 1.22.21 Shell Upload

WordPress WP Time Capsule plugin version 1.22.21 remote shell upload proof of concept exploit that takes advantage of a flaw discovered in 2024 by Rein Daelman...

CVE-2024-57487

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server...

CVE-2024-57487

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server...

SugarCRM Shell Upload Exploit

!/usr/bin/env python SugarCRM 0-day Auth Bypass + RCE Exploit Dorks: https://www.google.com/search?q=site:sugarondemand.com&filter=0 https://www.google.com/search?q=intitle:"SugarCRM"+inurl:index.php https://www.shodan.io/search?query=http.title:"SugarCRM"...

CVE-2021-46360

Authenticated remote code execution RCE in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr...

PT-2022-12668 · Unknown · Composr Cms

Name of the Vulnerable Software and Affected Versions: Composr-CMS versions 10.0.39 and earlier Description: The issue allows remote attackers to execute arbitrary code via uploading a PHP shell through the "/adminzone/index.php?page=admin-commandr" API endpoint. This enables attackers to perform...

CVE-2021-24981

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory...

Western Digital MyCloud PR4100 Web Management Component 'multi_uploadify' File Upload Vulnerability

The Western Digital MyCloud PR4100 is a networked cloud storage device from Western Digital.The web administration component is one of the web administration components. A security vulnerability exists in the Web administration component of the Western Digital MyCloud PR4100 version 2.30.172. An...

Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities

Administrator optionsModify Current Theme" or use site.com/members/console.php?cID=61. You can then insert the PHP code of your choosing into Footer. In order to add or edit code you are required to provide a special Admin Key that was defined during install. The key isn't needed as the check is...

Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities

Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities Administrator optionsModify Current Theme" or use site.com/members/console.php?cID=61. You can then insert the PHP code of your choosing into Footer. In order to add or edit code you are required to provide a special Admin Key that was...

Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities

Exploit for php platform in category web applications Administrator optionsModify Current Theme" or use site.com/members/console.php?cID=61. You can then insert the PHP code of your choosing into Footer. In order to add or edit code you are required to provide a special Admin Key that was defined...

WordPress Windows Desktop And iPhone Photo Uploader File Upload

Exploit Title : Wordpress plugin Windows Desktop and iPhone Photo Uploader arbitrary file upload vulnerbility Author : Manish Kishan Tanwar AKA error1046 Home Page : https://wordpress.org/plugins/i-dump-iphone-to-wordpress-photo-uploader/ Download Link :...

Incom CMS SQL Injection

Exploit Title: Incom Cms Admin Bypass Vulnerability Google Dork: intext:"incom cms" . intext:"site by overron" . intitle:"INCOM CMS" Date: 2014-12-29 Exploit Author: Xodiak Vendor Homepage: http://facebook.com/xodiakbalckhat Software Link: http://incomcms.com Version: All Version Tested on: Kali ...

NoticeBoardPro 1.0 - Multiple Vulnerabilities

No description provided by source. ------------------------------------------------------------------------ Software................NoticeBoardPro 1.0 Vulnerability...........SQL Injection Threat Level............Critical 4/5 Download................http://www.NoticeBoardPro.com/ Discovery...

NoticeBoardPro 1.0 Multiple Vulnerabilities

Exploit for php platform in category web applications ------------------------------------------------------------------------ Software................NoticeBoardPro 1.0 Vulnerability...........SQL Injection Threat Level............Critical 4/5 Download................http://www.NoticeBoardPro.co...

PureEdit 1.4.1 Account Creation Vulnerability

Exploit for php platform in category web applications ============================================= PureEdit 1.4.1 Account Creation Vulnerability ============================================= Exploit Title: PureEdit 1.4.1 Account Creation Vulnerability Date: 22/08/2010 Author: pimpim Software Lin...