Cvelist
added 2023/12/04 12:00 a.m. · 30 views

CVE-2023-48965

An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows attackers to getshell via providing a crafted URL to download a malicious PHP file...

8.7 AI score · 0.00897 EPSS
Exploits 1 · References 1
OSV
added 2023/11/27 5:15 p.m. · 4 views

CVE-2023-49028

Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file...

5.4 CVSS · 6.1 AI score · 0.00838 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/11/27 12:00 a.m. · 6 views

PT-2023-31031 · Unknown · Smpn1Smg Absis

Name of the Vulnerable Software and Affected Versions: smpn1smg absis versions 2017-10-19 and earlier Description: The issue allows a remote attacker to execute arbitrary code via the nama parameter in the "lock/lock.php" file. This is a Cross Site Scripting vulnerability. Recommendations: For...

6.1 CVSS · 6.3 AI score · 0.00892 EPSS
Exploits 1 · References 5
VulnCheck KEV
added 2023/11/26 12:00 a.m. · 5 views

VulnCheck KEV: CVE-2018-11222

Local File Inclusion (LFI) in Artica Pandora FMS through version 7.23 allows an attacker to call any PHP file via the /pandoraconsole/ajax.php AJAX endpoint...

7.5 CVSS · 7.1 AI score · 0.05616 EPSS
Exploits 1 · References 1
OSV
added 2023/11/24 2:15 p.m. · 4 views

CVE-2023-6274

A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument fileupload leads to unrestricted...

9.8 CVSS · 5.3 AI score · 0.02856 EPSS
Exploits 1 · References 4
Prion
added 2023/11/24 2:15 p.m. · 21 views

Out-of-bounds

A vulnerability was found in Beijing Baichuo Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument fileupload leads to...

6.5 CVSS · 7.1 AI score · 0.02856 EPSS
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2023/11/24 2:00 p.m. · 26 views

CVE-2023-6274 Byzoro Smart S80 PHP File updatelib.php unrestricted upload

A vulnerability was found in Byzoro Smart S80 up to 20231108. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /sysmanage/updatelib.php of the component PHP File Handler. The manipulation of the argument fileupload leads to unrestricted...

6.5 CVSS · 9.7 AI score · 0.02856 EPSS
Exploits 1 · References 4
CVE
added 2023/11/24 2:00 p.m. · 63 views

CVE-2023-6274

Byzoro Smart S80 up to 20231108 has a vulnerability in /sysmanage/updatelib.php (PHP File Handler) where the file_upload parameter can be manipulated to achieve unrestricted uploads. The vulnerability is exploitable remotely and the exploit has been publicly disclosed (VDB-246103). Connected advi...

9.8 CVSS · 8.1 AI score · 0.02856 EPSS
Exploits 1 · References 4 · Affected Software 1
ATTACKERKB
added 2023/11/14 6:15 a.m. · 3 views

CVE-2023-45880

GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname and extension. This allows creation of PHP files outside of the uploads...

7.2 CVSS · 5.9 AI score · 0.01211 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/11/13 12:00 a.m. · 5 views

PT-2023-30518 · Unknown · Guest Entries

Name of the Vulnerable Software and Affected Versions: Guest Entries versions prior to 3.1.2 Description: The file uploads feature in Guest Entries did not prevent the upload of PHP files, which may lead to code execution on the server by authenticated users. Recommendations: For versions prior t...

8.8 CVSS · 8.8 AI score · 0.01022 EPSS
Exploits 0 · References 8
Positive Technologies
added 2023/11/12 12:00 a.m. · 7 views

PT-2023-6916 · Tongda Oa · Tongda Oa

Name of the Vulnerable Software and Affected Versions: Tongda OA versions up to 11.9 Description: A critical issue was found in Tongda OA, affecting some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the VU ID argument leads to SQL injection...

9.8 CVSS · 7.2 AI score · 0.00873 EPSS
Exploits 1 · References 6
GithubExploit
added 2023/11/11 10:54 a.m. · 22 views

Exploit for SQL Injection in Code-Projects Blood_Bank

CVE-2023-46022-Code-Projects-Blood-Bank-1.0-OOB-SQL-Injection-...

7.8 CVSS · 8.4 AI score · 0.00795 EPSS
Exploits 4
NVD
added 2023/11/10 7:15 p.m. · 38 views

CVE-2023-47129

Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This...

9.8 CVSS · 0.01121 EPSS
Exploits 0 · References 3
WPVulnDB
added 2023/11/10 12:00 a.m. · 14 views

Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload

Description: The plugin does not validate files to be uploaded, nor does it have authorisation and CSRF checks in the AJAX action handling such uploads. As a result, any authenticated user, such as a subscriber, could upload arbitrary files, such as PHP, to the server. PoC Setup: As admin: - Go to the...

8.8 CVSS · 7.4 AI score · 0.00479 EPSS
Exploits 2 · Affected Software 1
wpexploit
added 2023/11/10 12:00 a.m. · 192 views

Welcart e-Commerce < 2.9.5 - Subscriber+ Arbitrary File Upload

Description: The plugin does not validate files to be uploaded, nor does it have authorisation and CSRF checks in the AJAX action handling such uploads. As a result, any authenticated user, such as a subscriber, could upload arbitrary files, such as PHP, to the server. Setup: As admin: - Go to the...

8.8 CVSS · 7.4 AI score · 0.00479 EPSS
Exploits 2
OSV
added 2023/11/01 10:15 a.m. · 3 views

CVE-2023-1714

Unsafe variable extraction in bitrix/modules/main/classes/general/useroptions.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization...

8.8 CVSS · 6.1 AI score · 0.01399 EPSS
Exploits 1 · References 1
Positive Technologies
added 2023/11/01 12:00 a.m. · 5 views

PT-2023-6687

Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300 Description: An unsafe variable extraction issue exists in the bitrix/modules/main/classes/general/useroptions.php file. This allows remote authenticated attackers to execute arbitrary code through two methods:...

9 CVSS · 8.7 AI score · 0.01399 EPSS
Exploits 1 · References 15
Positive Technologies
added 2023/10/28 12:00 a.m. · 6 views

PT-2023-32367 · Hu60T +1 · Hu60T +1

Name of the Vulnerable Software and Affected Versions: hu60t hu60wap6 affected versions not specified Description: A problematic vulnerability was found in the markdown function of the file src/class/ubbparser.php. This issue leads to cross-site scripting and can be exploited remotely...

6.1 CVSS · 4.3 AI score · 0.00385 EPSS
Exploits 0 · References 5
CNNVD
added 2023/10/27 12:00 a.m. · 4 views

FanCMS Cross-Site Scripting Vulnerability

FanCMS is a content management system for PwnCYN individual developers. A security vulnerability exists in FanCMS version v.1.0.0. The vulnerability can be exploited to execute arbitrary code via the content1 parameter in the demo.php file...

6.1 CVSS · 7.7 AI score · 0.00389 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/10/27 12:00 a.m. · 6 views

PT-2023-30064 · Fancms · Fancms

Name of the Vulnerable Software and Affected Versions: FanCMS version 1.0.0 Description: A Cross Site Scripting issue allows an attacker to execute arbitrary code via the content1 parameter in the "demo.php" file. Recommendations: For FanCMS version 1.0.0, avoid using the content1 parameter in th...

6.1 CVSS · 6.3 AI score · 0.00389 EPSS
Exploits 1 · References 2