CVE-2020-20698

A remote code execution RCE vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file...

Church Management System 1.0 - SQL Injection (Authentication Bypass) + Arbitrary File Upload + RCE

Exploit Title: Church Management System 1.0 - SQL Injection Authentication Bypass + Arbitrary File Upload + RCE Date: 05-07-2021 Exploit Author: Eleonora Guardini eleguardini93 at gmail dot com or eleonora.guardini at dedagroup dot com Vendor Homepage: https://www.sourcecodester.com Software Link...

Speed Booster Pack 4.2.0-beta - Authenticated (admin+) RCE

The plugin did not validate its cachingexcludeurls and cachingincludequerystrings settings before outputting them in a PHP file, which could lead to RCE PoC PoC | Authenticated RCE | Caching Exclude URLs / Cached query strings: POST /wp-admin/admin.php?page=sbp-settings HTTP/2 Host: example.com...

Super Progressive Web Apps < 2.1.12 - Authenticated (Low Privileged) Arbitrary File Upload to RCE

When the Apple Touch Icons & Splash Screen add-on is active, its superpwasplashscreenuploader AJAX action, does not properly check for CSRF, authorisation and the content of the uploaded archive file. This allows attackers to upload an archive with a PHP file, leading to RCE by either using a low...

Super Progressive Web Apps < 2.1.12 - Authenticated (Low Privileged) Arbitrary File Upload to RCE

When the Apple Touch Icons & Splash Screen add-on is active, its superpwasplashscreenuploader AJAX action, does not properly check for CSRF, authorisation and the content of the uploaded archive file. This allows attackers to upload an archive with a PHP file, leading to RCE by either using a low...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress Autoptimize plugin versions prior to 2.7.8, which allows an...

CVE-2021-34128

LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname...

CVE-2021-34128

LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname...

CVE-2021-34128

LaikeTui 3.5.0 allows remote authenticated users to execute arbitrary PHP code by using index.php?module=system&action=pay to upload a ZIP archive containing a .php file, as demonstrated by the ../../../../phpinfo.php pathname...

LaikeTui 代码问题漏洞

LaikeTui Laike e-commerce is a stable and small open source mall system for individual developers. A code issue vulnerability exists in LaikeTui that allows an authorized user to execute code by uploading a zip package with a php file via index.php?module=system&action=pay, which can be used by a...

VulnCheck KEV: CVE-2020-29279

PHP remote file inclusion in the assignresumetpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution...

CVE-2020-26678

vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution...

Remote code execution

vFairs 3.3 is affected by Remote Code Execution. Any user logged in to a vFairs virtual conference or event can abuse the functionality to upload a profile picture in order to place a malicious PHP file on the server and gain code execution...

Gallery From Files <= 1.6.0 - Unauthenticated RCE

The upload feature of the plugin does not properly check for the allowed extensions, allowing them to be set in the request and attempting to remove the dangerous ones such as .php and .js, but forgetting about .php4, .html etc. As a result, unauthenticated users could upload arbitrary .php4 file...

SP Project & Document Manager < 4.22 - Authenticated Shell Upload

The plugin allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that php files could still be uploaded by changing the file extension's case, for...

WordPress Classyfrieds Plugin Remote Code Execution Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A remote code execution vulnerability exists in WordPress Classyfrieds Plugin 3.8 and earlier...

LAOBANCMS 代码问题漏洞

LAOBANCMS is a content management system based on PHP and MySQL. LAOBANCMS v2.0 version of the existence of arbitrary file upload vulnerability, the vulnerability stems from the unrestricted file upload allows remote attackers can exploit the vulnerability to upload arbitrary files, the method is...

CVE-2021-24242

The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed subpage parameter of the plugin's Tools, allowing high privilege users to include any local php file...

CVE-2021-24242

Affected software: Tutor LMS WordPress plugin (pre-1.8.8). Vulnerability: Local File Inclusion via a maliciously crafted sub_page parameter in the Tools page. Impact: High-privilege users can include arbitrary local PHP files (confidentiality/integrity concerns for the site). Root cause: Improper...

MTN Group: Remote code execution due to unvalidated file upload

Summary: Hello I found a critical vunerability in one of your site, where user can upload any file type as a profile picture including php file Steps To Reproduce: 1. Visit https://careers.mtn.cm and register as a user. 2. After successful registration, login and update your data. 3. When uploadi...