
404 matches found

RedhatCVE
added 2025/05/23 7:2 a.m., 7 views

CVE-2024-57487

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server...

CVSS: 6.5, AI score: 7.4, EPSS: 0.51625
Exploits: 3, References: 1

RedhatCVE
added 2025/05/23 2:54 a.m., 3 views

CVE-2023-0255

The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites...

CVSS: 8.8, AI score: 6.9, EPSS: 0.01391
Exploits: 2, References: 1

RedhatCVE
added 2025/05/23 2:3 a.m., 3 views

CVE-2023-33480

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...

CVSS: 8.8, AI score: 8.4, EPSS: 0.09404
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 9:37 p.m., 11 views

CVE-2021-25094

The Tatsu WordPress plugin before 3.3.12 addcustomfont action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control...

CVSS: 8.1, AI score: 6.9, EPSS: 0.90975
Exploits: 9, References: 1

RedhatCVE
added 2025/05/22 6:25 p.m., 4 views

CVE-2021-24981

The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory...

CVSS: 7.5, AI score: 7, EPSS: 0.00223
Exploits: 2, References: 1

RedhatCVE
added 2025/05/22 6:0 a.m., 1 views

CVE-2018-8972

Creditwest Bank CMS Project aka CWCMS through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...

CVSS: 8.8, AI score: 7, EPSS: 0.00204
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 2:45 a.m., 6 views

CVE-2012-1082

Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell terminal extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

CVSS: 3.5, AI score: 5.6, EPSS: 0.00209
Exploits: 0, References: 1

GithubExploit
added 2025/05/16 11:21 a.m., 370 views

Exploit for CVE-2025-32583

🚨 CVE-2025-32583 — WordPress PDF 2 Post RCE Exploit CRITI...

CVSS: 9.9, AI score: 7.1, EPSS: 0.02563
Exploits: 2

Packet Storm
added 2025/03/11 12:0 a.m., 253 views

WP Time Capsule 1.22.21 Shell Upload

WordPress WP Time Capsule plugin version 1.22.21 remote shell upload proof of concept exploit that takes advantage of a flaw discovered in 2024 by Rein Daelman...

CVSS: 9.8, AI score: 7.1, EPSS: 0.93149
Exploits: 7

GithubExploit
added 2025/02/24 2:41 p.m., 349 views

Exploit for CVE-2024-9698

CVE-2024-9698 Crafthemes Demo Import " 🔥 Example O...

CVSS: 7.2, AI score: 9.5, EPSS: 0.46926
Exploits: 1

NVD
added 2025/01/13 5:15 p.m., 12 views

CVE-2024-57487

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server...

CVSS: 6.5, EPSS: 0.51625
Exploits: 3, References: 2

OSV
added 2025/01/13 5:15 p.m., 1 views

CVE-2024-57487

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server...

CVSS: 6.5, AI score: 5.9, EPSS: 0.51625
Exploits: 3, References: 2

Vulnrichment
added 2025/01/13 12:0 a.m., 7 views

CVE-2024-57487

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server...

AI score: 7.4, EPSS: 0.51625
Exploits: 3, References: 2

Cvelist
added 2025/01/13 12:0 a.m., 13 views

CVE-2024-57487

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server...

EPSS: 0.51625
Exploits: 3, References: 2

CVE
added 2025/01/13 12:0 a.m., 55 views

CVE-2024-57487

CVE-2024-57487 affects Code-Projects Online Car Rental System 1.0. The file upload feature does not validate file extensions or MIME types, allowing an attacker to upload a PHP shell and execute commands on the server. The issue is exploitable via the authenticated pathway described in published ...

CVSS: 6.5, AI score: 7.5, EPSS: 0.51625
Exploits: 3, References: 2, Affected Software: 1

GithubExploit
added 2024/12/23 8:48 a.m., 580 views

Exploit for CVE-2024-53345

CVE-2024-53345 Critical 0 Day in Car Rental Management System...

CVSS: 8.8, AI score: 7.8, EPSS: 0.08915
Exploits: 1

GithubExploit
added 2024/10/27 8:21 p.m., 129 views

Exploit for Unrestricted Upload of File with Dangerous Type in Pluck-Cms Pluck

CVE-2023-50564 - Pluck CMS v4.7.18 Remote Code Execution (RCE)...

CVSS: 8.8, AI score: 9.5, EPSS: 0.35217
Exploits: 11

Packet Storm
added 2024/10/03 12:0 a.m., 310 views

WordPress Bricks Builder Theme 1.9.6 Code Injection

Title: WordPress Bricks Builder Theme 1.9.6 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...

AI score: 7.4
Exploits: 0

Packet Storm
added 2024/10/03 12:0 a.m., 378 views

WordPress Hash Form 1.1.0 Code Injection

Title: WordPress Hash Form 1.1.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox...

AI score: 7.4
Exploits: 0

Packet Storm
added 2024/09/24 12:0 a.m., 207 views

Car Rental Project 1.0 Code Injection

Title: Car Rental Project 1.0 php code injection Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 130.0...

AI score: 7.4
Exploits: 0