
2595 matches found

Cvelist
added 2023/06/07 12:0 a.m. · 24 views

CVE-2023-33601

An arbitrary file upload vulnerability in /admin.php?c=upload of phpok v6.4.100 allows attackers to execute arbitrary code via a crafted PHP file...

AI score: 9 · EPSS: 0.00945
Exploits: 1 · References: 1
wpexploit
added 2023/05/31 12:0 a.m. · 189 views

File Manager Advanced Shortcode <= 2.3.2 - Unauthenticated Remote Code Execution through shortcode

The plugin does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. 1. Add the following shortcode to a...

CVSS: 9.8 · AI score: 9.3 · EPSS: 0.3962
Exploits: 8
NVD
added 2023/05/17 1:15 p.m. · 16 views

CVE-2023-31903

GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file...

CVSS: 9.8 · AI score: 9.7 · EPSS: 0.02075
Exploits: 1 · References: 2
Prion
added 2023/05/17 1:15 p.m. · 15 views

Unrestricted file upload

GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file...

CVSS: 7.5 · AI score: 9.7 · EPSS: 0.02075
Exploits: 1 · References: 2 · Affected Software: 1
Cvelist
added 2023/05/17 12:0 a.m. · 19 views

CVE-2023-31903

GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file...

AI score: 9.9 · EPSS: 0.02075
Exploits: 1 · References: 2
Positive Technologies
added 2023/05/17 12:0 a.m. · 3 views

PT-2023-21295 · Sourcecodester · Sourcecodester Service Provider Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Service Provider Management System version 1.0 Description: A critical issue has been found in the system, affecting the file /classes/Master.php?f=delete service. The manipulation of the id argument leads to SQL injection,...

CVSS: 8.8 · AI score: 6.9 · EPSS: 0.00734
Exploits: 1 · References: 5
OSV
added 2023/05/11 3:15 p.m. · 2 views

CVE-2023-2661

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit ha...

CVSS: 9.8 · AI score: 6.5 · EPSS: 0.0082
Exploits: 1 · References: 3
NVD
added 2023/05/05 3:15 a.m. · 14 views

CVE-2023-30090

Semcms Shop v4.2 was discovered to contain an arbitrary file upload vulnerability via the component SEMCMSUpfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS: 9.8 · AI score: 9.7 · EPSS: 0.00776
Exploits: 0 · References: 1
OSV
added 2023/05/05 2:15 a.m. · 3 views

CVE-2023-30122

An arbitrary file upload vulnerability in the component /admin/ajax.php?action=savemenu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

CVSS: 9.8 · AI score: 7.6 · EPSS: 0.00983
Exploits: 1 · References: 1
Vulnrichment
added 2023/05/05 12:0 a.m. · 12 views

CVE-2023-30090

Semcms Shop v4.2 was discovered to contain an arbitrary file upload vulnerability via the component SEMCMSUpfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file...

AI score: 9.8 · EPSS: 0.00776
Exploits: 0 · References: 1
Cvelist
added 2023/05/05 12:0 a.m. · 20 views

CVE-2023-30122

An arbitrary file upload vulnerability in the component /admin/ajax.php?action=savemenu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

AI score: 9.8 · EPSS: 0.00983
Exploits: 1 · References: 1
Cvelist
added 2023/05/05 12:0 a.m. · 21 views

CVE-2023-30090

Semcms Shop v4.2 was discovered to contain an arbitrary file upload vulnerability via the component SEMCMSUpfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file...

AI score: 9.9 · EPSS: 0.00776
Exploits: 0 · References: 1
Veracode
added 2023/05/04 8:32 a.m. · 15 views

Arbitrary Code Execution

tcg/voyager is vulnerable to Arbitrary Code Execution. The vulnerability exists due to improper input sanitization which allows an attacker to execute arbitrary codes via a crafted .php file to the media component...

CVSS: 9.8 · AI score: 9.2 · EPSS: 0.01083
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2023/04/28 12:0 a.m. · 4 views

PT-2023-19139 · Unknown · Sourcecodester Online Dj Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online DJ Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Online DJ Management System. The issue affects an unknown function of the file admin/events/manage event.php,...

CVSS: 9.8 · AI score: 6.7 · EPSS: 0.00888
Exploits: 1 · References: 7
Huntr
added 2023/04/27 5:51 p.m. · 17 views

XML.php JSONP hijacking

Description The XML.php file has a JSONP hijacking vulnerability. When a user visits a page carefully crafted by the attacker, the JSON data is obtained and sent to the attacker. Proof of Concept We created an HTML file as a proof of concept to showcase the vulnerability. This HTML file will...

AI score: 6.9
Exploits: 0
NVD
added 2023/04/26 8:15 p.m. · 14 views

CVE-2020-36070

Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component...

CVSS: 9.8 · AI score: 9.5 · EPSS: 0.01083
Exploits: 0 · References: 1
OSV
added 2023/04/26 8:15 p.m. · 9 views

CVE-2020-36070

Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component...

CVSS: 9.8 · AI score: 8
Exploits: 0 · References: 1
Prion
added 2023/04/26 8:15 p.m. · 14 views

Design/Logic Flaw

Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component...

CVSS: 7.5 · AI score: 9.5 · EPSS: 0.01083
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/04/26 12:0 a.m. · 19 views

CVE-2020-36070

Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component...

AI score: 9.6 · EPSS: 0.01083
Exploits: 0 · References: 1
OSV
added 2023/04/15 12:15 p.m. · 2 views

CVE-2023-2097

A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be launched...

CVSS: 9.8 · AI score: 5.7 · EPSS: 0.00843
Exploits: 1 · References: 3