Online Reviewer System 1.0 Shell Upload
Exploit Title: Online Reviewer System 1.0 - Remote Code Execution (RCE) (Unauthenticated); Exploit Author: Abdullah Khawaja; Date: 2021-09-21; Vendor Homepage: https://www.sourcecodester.com/php/12937/online-reviewer-system-using-phppdo.html; Software Link:...
E-Negosyo System 1.0 Shell Upload
Exploit Title: E-Negosyo System 1.0 - Authenticated RCE; Date: 2021-09-22; Exploit Author: Janik Wehrli; Vendor Homepage: https://www.sourcecodester.com/users/janobe; Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsenordering0.zip; Version: 1.0; Category: Webapps...
GHSA-RF3W-29H3-R636 Arbitrary Code Execution in feehi/cms
An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file...
Online Food Ordering System 2.0 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Online Food Ordering System 2.0 - Remote Code Execution (RCE) (Unauthenticated); Exploit Author: Abdullah Khawaja (hax.3xploit); Vendor Homepage: https://www.sourcecodester.com/php/14951/online-food-ordering-system-php-and-sqlite-database-free-source-code.html; Software Link:...
Scroll Baner <= 1.0 - CSRF to RCE
The plugin does not have a CSRF check in place when saving its settings, nor does it perform any sanitisation, escaping or validation on them. This could allow attackers to make a logged-in admin change them, and could lead to RCE via a file upload as well as XSS. function submitRequest var xhr = new...
Online Food Ordering System 2.0 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: Online Food Ordering System 2.0 - Remote Code Execution (RCE) (Unauthenticated); Exploit Author: Abdullah Khawaja (hax.3xploit); Date: 2021-09-20; Vendor Homepage: https://www.sourcecodester.com/php/14951/online-food-ordering-system-php-and-sqlite-database-free-source-code.html; Software Lin...
RGCMS Arbitrary File Writing Vulnerability
RGCMS is a web CMS. v1.06 of RGCMS contains a security vulnerability that could be exploited by attackers to execute arbitrary code via a crafted PHP file...
CVE-2020-21483
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file...
CVE-2020-21480
An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2020-21481
An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file...
CVE-2020-21322
An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file...
Arbitrary file deletion
An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file...
Privilege escalation
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file...
CVE-2020-21480
CVE-2020-21480 affects RGCMS v1.06. The vulnerability is an arbitrary file write that allows an attacker to execute arbitrary code through a crafted PHP file. Impact is stated as high (CVE details mention potential code execution, with CVSSv3.1 vector indicating network access, low complexity, un...