2595 matches found

wpexploit
added 2021/01/28 12:00 a.m. · 125 views

Super Forms < 4.9.703 - Unauthenticated PHP File Upload to RCE

The plugin uses the jQuery File Upload library, but does not properly ensure that PHP files are forbidden. Note: Exploitation of the issue is not as easy as the original advisory in the references states. If a form from the plugin with an upload field is present on the blog, and is used to upload...

7.3 AI score
Exploits 0 · References 1

CNVD
added 2021/01/19 12:00 a.m. · 2 views

SQL injection vulnerability in ne***.php file of website building system of Xi'an XiMeiBo Intelligent Technology Co.

Ltd. is a high-tech enterprise integrating development, manufacturing, sales and service. A SQL injection vulnerability exists in the ne.php file of the Xi'an Yanbo Intelligent Technology Co., Ltd. website building system. An attacker can use the vulnerability to obtain sensitive information from the database...

7.5 AI score
Exploits 0

Positive Technologies
added 2021/01/13 12:00 a.m. · 5 views

PT-2021-10922 · Unknown · Thinkadmin

Name of the Vulnerable Software and Affected Versions: ThinkAdmin versions 4.x through 6.x Description: An insecure unserialize vulnerability was discovered in ThinkAdmin, which may lead to arbitrary remote code execution. The issue is located in files such as "app/admin/controller/api/Update.php...

9.8 CVSS · 9.6 AI score · 0.04099 EPSS
Exploits 1 · References 8

Packet Storm
added 2021/01/04 12:00 a.m. · 281 views

TROJAN.WIN32.JORIK.DMSPAMMER.SZ Remote Memory Corruption

Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: http://malvuln.com/advisory/bdcaed5042eba30f91b093f0bcb3caf3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: TROJAN.WIN32.JORIK.DMSPAMMER.SZ Vulnerability: Remote Memory Corruption Description: Memory corruptio...

Exploits 0

NVD
added 2020/12/31 3:15 a.m. · 19 views

CVE-2018-16795

OpenEMR 5.0.1.3 allows Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, as demonstrated by use of interface/super/managesitefiles.php to upload a .php file...

8.8 CVSS · 8.8 AI score · 0.00609 EPSS
Exploits 1 · References 2

OSV
added 2020/12/23 3:15 a.m. · 5 views

CVE-2020-35657

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. NOTE: this is unrelated to the JAWS aka Job Access With Speech product...

7.2 CVSS · 7.3 AI score · 0.02403 EPSS
Exploits 1 · References 2

OSV
added 2020/12/23 3:15 a.m. · 3 views

CVE-2020-35656

Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files to upload a .php file. NOTE: this is unrelated to the JAWS aka Job...

7.2 CVSS · 7.3 AI score · 0.02403 EPSS
Exploits 1 · References 2

CNNVD
added 2020/12/22 12:00 a.m. · 4 views

Jaws Code Issue Vulnerability

Jaws is a framework and content management system for building dynamic websites. A remote code execution vulnerability exists in Jaws 1.8.0 and earlier versions. The vulnerability can be exploited by a remote authenticated administrator to execute OS commands by uploading a theme ZIP file...

7.2 CVSS · 7.7 AI score · 0.02403 EPSS
Exploits 1 · References 3

OpenVAS
added 2020/12/17 12:00 a.m. · 9 views

Tiki Wiki CMS Groupware < 22 Multiple Vulnerabilities

Tiki Wiki CMS Groupware is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

8.8 CVSS · 8.9 AI score · 0.015 EPSS
Exploits 1 · References 3

CNVD
added 2020/12/11 12:00 a.m. · 6 views

Command Execution Vulnerability in Ocean CMS-v10.9 (SeaCMS) ad***_pi***.php File

Ocean CMS, also known as SeaCMS, is developed in PHP and MySQL. It is completely open source and free of charge, unencrypted, and adapts to computers, cell phones, tablets and apps. A command execution vulnerability exists in the adpi.php file of SeaCMS-v10.9. An attacker can exploit this...

7.5 AI score
Exploits 0

CNVD
added 2020/12/03 12:00 a.m. · 0 views

Command execution vulnerability in vaeThink backend Au***.php file

vaeThink is a PHP content management framework built on Layui and tp5. A command execution vulnerability exists in the vaeThink backend Au.php file. An attacker can exploit this vulnerability to gain server privileges...

7.4 AI score
Exploits 0

Packet Storm
added 2020/12/01 12:00 a.m. · 523 views

eClass LMS 2.6 Shell Upload

...

7.4 AI score
Exploits 0

CNNVD
added 2020/11/30 12:00 a.m. · 5 views

WordPress Canto plugin Code Issue Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A server-side request forgery vulnerability exists in WordPress Canto plugin 1.3.0. An attacker can...

5.3 CVSS · 6 AI score · 0.26037 EPSS
Exploits 3 · References 8

CNVD
added 2020/11/26 12:00 a.m. · 2 views

Command execution vulnerability in MLECMS backend te***_la***.php file

MLECMS is a professional website building system developed with PHP+MYSQL at its core. A command execution vulnerability exists in the MLECMS backend tela.php file. An attacker can exploit this vulnerability to gain server privileges...

7.4 AI score
Exploits 0

wpexploit
added 2020/11/23 12:00 a.m. · 731 views

Secure File Manager < 2.8.2 - Authenticated Remote Command Execution

The Secure File Manager uses the elFinder libraries in an insecure way, allowing authenticated users to execute arbitrary file management commands. v2.6 attempted to fix the issue by adding a CSRF nonce, however the nonce is displayed for all users in the Dashboard via the Secure File Manager men...

6.5 CVSS · 8.9 AI score · 0.18028 EPSS
Exploits 2 · References 1

0day.today
added 2020/11/14 12:00 a.m. · 58 views

HorizontCMS 1.0.0-beta Shell Upload Exploit

This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request to /admin/file-manager/fileuploa...

8.8 CVSS · 8 AI score · 0.18461 EPSS
Exploits 4

CNVD
added 2020/11/13 12:00 a.m. · 1 views

SQL Injection Vulnerability in the ne***.php file of Anjoye Real Estate System

Anleye is a domestic real estate website construction brand; the program is built on a highly efficient PHP5+MYSQL architecture. A SQL injection vulnerability exists in the ne.php file of Anleye Real Estate System. An attacker can exploit the vulnerability to obtain sensitive information from the...

7.6 AI score
Exploits 0

wpexploit
added 2020/11/05 12:00 a.m. · 17 views

Augmented Reality <= 1.2.0 - Unauthenticated PHP File Upload leading to RCE

The elFinder connector used allows upload of PHP files, as the 'uploadAllow' option contains 'text/x-php'. This allows an unauthenticated user to upload PHP files, leading to an RCE vulnerability. The issue is similar to https://wpscan.com/vulnerability/10389 POST...

7.4 AI score
Exploits 0 · References 1

CNVD
added 2020/10/25 12:00 a.m. · 2 views

File upload vulnerability in ShopXO Pa***.php file

ShopXO is an open source enterprise-level e-commerce system. A file upload vulnerability exists in the ShopXO Pa.php file. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

7.2 AI score
Exploits 0

CNVD
added 2020/10/19 12:00 a.m. · 1 views

File upload vulnerability in UCMS fi***.php file

UCMS is a content management system written in PHP. A file upload vulnerability exists in the UCMS fi.php file. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

7.1 AI score
Exploits 0