41 matches found
CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload
Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...
cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
A threat actor named MrRot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager WHM that could result ...
odfs_rce_poc
Online Discussion Forum Site 1.0 - Remote Code Execution PoC...
PT-2025-52212
Name of the Vulnerable Software and Affected Versions Bitrix24 versions prior to 25.100.301 Description Remote Code Execution is possible because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. The supplier...
EUVD-2020-16566
Malware in sbrugna...
EUVD-2025-23552
Malicious code in bioql PyPI...
EUVD-2023-29716
Malicious code in bioql PyPI...
PT-2025-31863 · Unknown · Unisite Cms
Name of the Vulnerable Software and Affected Versions: Unisite CMS version 5.0 Description: Unisite CMS version 5.0 contains a stored Cross-Site Scripting XSS vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an...
CVE-2025-50754
Unisite CMS version 5.0 contains a stored Cross-Site Scripting XSS vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an administrator. This allows attackers to hijack the admin session and, by leveraging the...
CVE-2023-38874
A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...
CVE-2020-23934
An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section...
CVE-2017-9442
BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...
MoziloCMS 3.0 - Remote Code Execution (RCE)
Exploit Title: MoziloCMS 3.0 - Remote Code Execution RCE Date: 10/09/2024 Exploit Author: Secfortress https://github.com/sec-fortress Vendor Homepage: https://mozilo.de/ Software Link: https://github.com/moziloDasEinsteigerCMS/mozilo3.0/archive/refs/tags/3.0.1.zip Version: 3.0 Tested on: Debian...
Clinic's Patient Management System 1.0 - Unauthenticated RCE
This module exploits an unauthenticated file upload vulnerability in Clinic's Patient Management System 1.0. An attacker can upload a PHP web shell and execute it by leveraging directory listing enabled on the /pms/userimages directory. Module Options msf use...
GHSA-G872-JWWR-VGGM Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...
GHSA-PQ98-6HF6-3RJ3 Economizzer remote code execution vulnerability
A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...
CVE-2023-38874
A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...
Remote code execution
A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...
CVE-2023-38874
A remote code execution RCE vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 April 2023. A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and...