80 matches found
Exploit for CVE-2025-2249
🔐 WordPress SoJ SoundSlides Plugin ⚠️ DISCLAIMER: This ex...
Chamilo v1.11.24 Unrestricted File Upload PHP Webshell
Chamilo LMS is a free software e-learning and content management system. In versions prior to use exploit/linux/http/chamilobiguploadwebshell msf exploitchamilobiguploadwebshell show targets ...targets... msf exploitchamilobiguploadwebshell set TARGET msf exploitchamilobiguploadwebshell show...
PT-2024-28963 · Fog · Fog
Name of the Vulnerable Software and Affected Versions: FOG versions prior to 1.5.10.41 Description: The issue is related to an improperly restricted file upload feature in FOG, a cloning/imaging/rescue suite/inventory management system. This allows authenticated users to execute arbitrary code on...
CVE-2024-4306
Critical unrestricted file upload vulnerability in HubBank affecting version 1.0.2. This vulnerability allows a registered user to upload malicious PHP files via upload document fields, resulting in webshell execution...
D3m0n1z3dShell - Demonized Shell Is An Advanced Tool For Persistence In Linux
Demonized Shell is an Advanced Tool for persistence in linux. Install git clone https://github.com/MatheuZSecurity/D3m0n1z3dShell.git cd D3m0n1z3dShell chmod +x demonizedshell.sh sudo ./demonizedshell.sh One-Liner Install Download D3m0n1z3dShell with all files: curl -L...
Privilege escalation
Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disru...
Wade Graphic Design FANTSY Code Issue Vulnerability
Wade Graphic Design FANTSY is a digital art application from Wade Graphic Design. A code issue vulnerability exists in Wade Graphic Design FANTSY v2.1.8, which stems from an insufficient file type filtering vulnerability that can be exploited by an authenticated, remote attacker with normal user...
Faculty Evaluation System 1.0 - Unauthenticated File Upload
Exploit Title: Faculty Evaluation System 1.0 - Unauthenticated File Upload Date: 5/29/2023 Author: Alex Gan Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
CVE-2023-33177
Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the...
CVE-2023-33177 Xibo CMS vulnerable to Remote Code Execution through Zip Slip
Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the...
PT-2023-24193 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions prior to 2.3.17 Xibo versions prior to 3.3.5 Description: A path traversal vulnerability exists in the Xibo CMS, allowing a specially crafted zip file to be uploaded via the layout import function by an authenticated user. This...
Online Pizza Ordering System v1.0 - Unauthenticated File Upload Exploit
Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload Exploit Author: URGAN Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Software Link:...
Online Pizza Ordering System 1.0 Shell Upload
Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload Date: 03/05/2023 Exploit Author: URGAN Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Software Link:...
CVE-2022-40471
Remote code execution in Clinic's Patient Management System v1.0 allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in users.php...
Remote code execution
Remote code execution in Clinic's Patient Management System v1.0 allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in users.php...
PT-2022-25396
Name of the Vulnerable Software and Affected Versions: Clinic's Patient Management System version 1.0 Description: The issue allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in users.php. This enables remote code execution. Recommendations: For...
CVE-2022-40471
CVE-2022-40471 affects Clinic's Patient Management System v1.0. The flaw is an unrestricted file upload in the profile image handling (users.php) that allows uploading PHP web shells, enabling remote command execution. Connected documents provide exploit modules demonstrating RCE via the profile-...
Laravel Media Library Pro 2.1.6 Shell Upload
Exploit Title: Laravel Media Library Pro Vendor Homepage: https://spatie.be/ Software Link: https://spatie.be/products/media-library-pro Version: =1.17.10 & =2.1.6 Tested on: Laradock PHP 8.0 inside Ubuntu 20.04 CVE : CVE-2021-45040 Description: The Spatie media-library-pro library through 1.17.1...