Beauty Parlour Management System 1.0 SQL Injection / Code Execution

============================================================================================================================================= | Title : Beauty Parlour Management System 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

Prison Management System 1.0 Add Administrator

============================================================================================================================================= | Title : Prison Management System v1.0 Add Admin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3...

CVE-2024-44724

AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsiteurl parameter at /admin/siteadd.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value...

CVE-2024-44724

AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsiteurl parameter at /admin/siteadd.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value...

CVE-2024-44724

AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsiteurl parameter at /admin/siteadd.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value...

CVE-2024-44724

AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsiteurl parameter at /admin/siteadd.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value...

CVE-2024-44724

AutoCMS v5.4 is affected by a PHP code injection vulnerability exposed via the txtsite_url parameter in /admin/site_add.php. Exploitation allows executing arbitrary PHP code, as described across multiple sources (e.g., Red Hat and CNNVD entries). The issue is tied to an input parameter in the API...

CVE-2024-7950 WP Job Portal <= 2.1.6 - Missing Authorization to Unauthenticated Local File Inclusion, Arbitrary Settings Update, and User Creation

The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Local File Inclusion, Arbitrary Settings Update, and User Creation in all versions up to, and including, 2.1.6 via several functions called by the 'checkFormRequest' function...

SPIP 4.2.9 Code Execution

============================================================================================================================================= | Title : SPIP 4.2.9 PHP Code execution Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits |...

Exploit for CVE-2024-7954

Description The porteplume plugin used by SPIP before 4.30-...

UBUNTU-CVE-2024-7954

The porteplume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request...

CMSsite 1.0 Shell Upload

============================================================================================================================================= | Title : CMSsite 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0.1 64 bits ...

Alphaware E-Commerce System 1.0 Code Injection

============================================================================================================================================= | Title : Alphaware E-CommerceSystem 1.0 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firef...

CVE-2024-6459

The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVE-2024-6459

CVE-2024-6459 affects the News Element Elementor Blog Magazine WordPress plugin (versions prior to 1.0.6). It exposes a Local File Inclusion flaw via the template parameter, allowing an unauthenticated attacker to include and execute PHP files on the server, effectively enabling arbitrary PHP cod...

CVE-2024-7145

CVE-2024-7145 : JetElements (WordPress) is vulnerable to authenticated Local File Inclusion via the progress_type parameter in versions up to 2.6.20. Exploitation allows an authenticated attacker (Contributor+ level) to include and execute arbitrary PHP files on the server, bypassing some access ...

CVE-2024-7145 JetElements <= 2.6.20 - Authenticated (Contributor+) Arbitrary Local File Inclusion

The JetElements plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.20 via the 'progresstype' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the...

CVE-2024-7146

CVE-2024-7146 affects JetTabs for Elementor (WordPress plugin) up to v2.2.3. It allows authenticated users with Contributor-level access and above to perform Local File Inclusion via the switcher_preset parameter, enabling inclusion/ execution of arbitrary PHP code on the server and potentially b...

CVE-2024-6460

The Grow by Tradedoubler WordPress plugin through 2.0.21 is vulnerable to Local File Inclusion via the component parameter. This makes it possible for attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files...

CVE-2024-43275

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE...