30 matches found
Design/Logic Flaw
The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites...
CVE-2023-0255 Enable Media Replace < 4.0.2 - Author+ Arbitrary File Upload
The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites...
PT-2023-16115 · WordPress · Enable Media Replace
Name of the Vulnerable Software and Affected Versions: Enable Media Replace WordPress plugin versions prior to 4.0.2 Description: The issue allows authors to upload arbitrary files to the site, potentially enabling them to upload PHP shells on affected sites. Recommendations: For Enable Media...
WordPress Directorist plugin cross-site request forgery vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports personal blogging sites on PHP and MySQL servers. The WordPress Directorist plugin has a cross-site request forgery vulnerability, which stems from the fact that the WordPress...
WordPress Plugin Code Issue Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports personal blogging sites on PHP and MySQL servers. The WordPress Directorist plugin has a cross-site request forgery vulnerability, which stems from the fact that the WordPress...
CS-Cart 1.3.3 - authenticated RCE
Exploit Title: CS-Cart authenticated RCE Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.3 Vulnerability Type: authenticated RCE get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell edit ...
CS-Cart 1.3.3 Remote Code Execution
Exploit Title: CS-Cart authenticated RCE Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.3 Vulnerability Type: authenticated RCE get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell edit ...
WordPress Drag and Drop Multiple File Upload Plugin < 1.3.3.3 Unrestricted File Upload Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.112764");...
Web Shell Detector - PHP Script That Helps You Find And Identify PHP / CGI (Perl) / ASP / ASPX Shells
Web Shell Detector is a PHP script that helps you find and identify PHP/CGI (Perl)/ASP/ASPX shells. Web Shell Detector has a “web shells” signature database that helps to identify “web shell” up to 99%. By using the latest JavaScript and CSS technologies, Web Shell Detector has a lightweight and...
Max's File Uploader File Upload Vulnerability
Max's File Uploader File Upload Vulnerability Homepage: http://www.phpf1.com/ Download: http://www.phpf1.com/download.html?item=9 Dork: intitle:"Max's File Uploader" maybe ^^ Found by : Xcross87 | xcross87.info | hcegroup.net Simply upload a shell .php, it will be stored in the same level. Exampl...