
2595 matches found

Cvelist
added 2022/08/09 4:19 p.m., 16 views

CVE-2022-35426

UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file...

9.7 AI score, 0.00929 EPSS
Exploits: 1, References: 1

CNNVD
added 2022/08/08 12:00 a.m., 4 views

Online Class and Exam Scheduling System SQL injection vulnerability

Online Class and Exam Scheduling System is an online class and exam scheduling system. Online Class and Exam Scheduling System 1.0 suffers from a SQL injection vulnerability that originates from an unknown function in the file /pages/classsched.php being affected. The operation parameter class ca...

9.8 CVSS, 8.2 AI score, 0.00613 EPSS
Exploits: 1, References: 3

OSV
added 2022/07/28 12:00 a.m., 15 views

GHSA-JXG9-2CH7-F552 Feehi CMS arbitrary code execution via crafted PHP file

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file...

8.8 CVSS, 8.8 AI score, 0.00983 EPSS
Exploits: 1, References: 3

OSV
added 2022/07/27 2:15 a.m., 14 views

CVE-2022-34971

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file...

8.8 CVSS, 8.9 AI score
Exploits: 0, References: 1

Cvelist
added 2022/07/27 1:15 a.m., 22 views

CVE-2022-34971

An arbitrary file upload vulnerability in the Advertising Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary code via a crafted PHP file...

9.1 AI score, 0.00983 EPSS
Exploits: 1, References: 1

ATTACKERKB
added 2022/07/25 5:15 p.m., 3 views

CVE-2022-34965

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/cominstaller. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this ...

7.2 CVSS, 6.2 AI score, 0.01543 EPSS
Exploits: 1, References: 5

OSV
added 2022/07/25 5:15 p.m., 21 views

CVE-2022-34965

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/cominstaller. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this ...

7.2 CVSS, 7.2 AI score, 0.01543 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2022/07/25 12:00 a.m., 13 views

CVE-2022-34965

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/cominstaller. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this ...

7.3 AI score, 0.01543 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2022/07/16 6:15 a.m., 7 views

CVE-2017-20130 Itech Real Estate Script search_property.php sql injection

A vulnerability was found in Itech Real Estate Script 3.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /real-estate-script/searchproperty.php. The manipulation of the argument propertyfor leads to sql injection. The attack can be...

6.3 CVSS, 7.6 AI score, 0.00772 EPSS
Exploits: 1, References: 2

NVD
added 2022/07/01 9:15 p.m., 14 views

CVE-2022-32420

College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file...

8.8 CVSS, 0.18558 EPSS
Exploits: 1, References: 1

Cvelist
added 2022/07/01 8:45 p.m., 21 views

CVE-2022-32420

College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file...

9.2 AI score, 0.18558 EPSS
Exploits: 1, References: 1

CVE
added 2022/07/01 8:45 p.m., 53 views

CVE-2022-32420

CVE-2022-32420 affects College Management System v1.0, with a remote code execution (RCE) vulnerability exploitable via /College/admin/teacher.php and a crafted PHP file. Multiple connected sources corroborate an RCE condition, with CPAI-2022-0895 describing an arbitrary file upload that can lead...

8.8 CVSS, 8.9 AI score, 0.18558 EPSS
Exploits: 1, References: 1, Affected Software: 1

wpexploit
added 2022/07/01 12:00 a.m., 188 views

WP All Import < 3.6.8 - Admin+ Arbitrary File Upload

The plugin accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE. As an admin, upload a PHP file containing the payload zipped along with a valid XML...

7.2 CVSS, 0.3 AI score, 0.01148 EPSS
Exploits: 2

Packet Storm
added 2022/06/27 12:00 a.m., 248 views

Library Management System With QR Code 1.0 Shell Upload

Title: Library Management System with QR code AttendanceFile Upload RCE Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184 Date: 27.06.2022 Vendor: https://www.sourcecodester.com/users/kingbhob02 Software:...

7.4 AI score
Exploits: 0

Prion
added 2022/06/21 1:15 p.m., 15 views

Privilege escalation

An arbitrary file upload vulnerability in /images/background/1.php of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted PHP file...

7.5 CVSS, 9.5 AI score, 0.02512 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2022/06/21 1:00 p.m., 23 views

CVE-2022-31374

An arbitrary file upload vulnerability in /images/background/1.php of SolarView Compact 6.0 allows attackers to execute arbitrary code via a crafted PHP file...

9.7 AI score, 0.02512 EPSS
Exploits: 1, References: 1

Prion
added 2022/06/14 5:15 p.m., 14 views

Remote code execution

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution...

7.5 CVSS, 9.7 AI score, 0.03032 EPSS
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2022/06/13 11:15 p.m., 13 views

CVE-2021-41661

Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell...

9.8 CVSS, 0.01186 EPSS
Exploits: 1, References: 1

Prion
added 2022/06/13 11:15 p.m., 15 views

SQL injection

Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell...

7.5 CVSS, 9.5 AI score, 0.01186 EPSS
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2022/06/13 11:15 p.m., 16 views

SQL injection

The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution...

7.5 CVSS, 9.9 AI score, 0.01966 EPSS
Exploits: 1, References: 1, Affected Software: 1