PhreeBooks ERP 5.2.5 Remote Command Execution
Exploit Title: PhreeBooks ERP 5.2.5 - Remote Command Execution Date: 2020-05-01 Author: Besim ALTINOK Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: v5.2.4, v5.2.5 Tested on: Xampp Credit: İsmail BOZKURT...
PhreeBooks ERP 5.2.5 - Remote Command Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: PhreeBooks ERP 5.2.5 - Remote Command Execution Author: Besim ALTINOK Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: v5.2.4, v5.2.5 Tested on: Xampp Credit: İsmai...
Local File Inclusion
TeamPass is vulnerable to local file inclusion. It does not sanitize the newValue HTTP request parameter supplied by the user to sources/users.queries.php when choosing language preferences, allowing a user to include a malicious PHP file and execute it directly on the server...
CVE-2020-12479
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...
Directory traversal
TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal...
School ERP Pro 1.0 - Remote Code Execution
Exploit Title: School ERP Pro 1.0 - Remote Code Execution Date: 2020-04-28 Author: Besim ALTINOK Vendor Homepage: http://arox.in Software Link: https://sourceforge.net/projects/school-erp-ultimate/ Version: latest version Tested on: Xampp Credit: İsmail BOZKURT Description...
PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload
Exploit Title: PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload Date: 2020-04-24 Author: Besim ALTINOK Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/files/PHP-Fusion%20Archives/9.x/PHP-Fusion%209.03.50.zip/download...
MapPress Maps Pro < 2.53.9 - Remote Code Execution (RCE) due to Incorrect Access Control in AJAX Actions
The pro version of this plugin registers several AJAX actions that call functions which lack capability checks and nonce checks, specifically the ‘ajaxget’, ‘ajaxsave’, and ‘ajaxdelete’ functions in mappresstemplate.php. As such, it is possible for a logged-in attacker with minimal permissions,...
SQL Injection Vulnerability in Heybbs 1.2 re***.php File
HEYBBS is a micro-community program with a front-end based on bootstrap+jq+css and a back-end developed in php+mysql. A SQL injection vulnerability exists in the Heybbs 1.2 re.php file, which can be exploited by attackers to obtain database information...
CVE-2020-11811
In qdPM 9.1, an attacker can upload a malicious .php file to the server by exploiting the Add Profile Photo capability with a crafted content-type value. After that, the attacker can execute an arbitrary command on the server using this malicious file...
SQL Injection Vulnerability in ZZCMS Backend zt***_se***.php File
zzcms is a PHP and MYSQL based CMS. A SQL injection vulnerability exists in the ztse.php file in the backend of ZZCMS, which can be exploited by attackers to obtain sensitive information from the database...
WP Advanced Search < 3.3.6 - Unauthenticated SQL Injection
Because of string concatenation, direct access to a vulnerable PHP file, and missing best practices for coding SQL operations, there is an unauthenticated SQL injection in autocompletion-PHP5.5.php. After a month of trying to contact the plugin author via Twitter and email, we followed...
CVE-2019-11574
An issue was discovered in Simple Machines Forum SMF before release 2.0.17. There is SSRF related to Subs-Package.php and Subs.php because user-supplied data is used directly in curl calls...
Razer: Source Code Disclosure
The tester discovered a PHP file with source code exposed. There was no known exploit...
Remote Code Execution Through Image Uploads in BookStack
Impact: A user could upload PHP files through image upload functions, which would allow them to execute code on the host system remotely. They would then have the permissions of the PHP process. This most impacts scenarios where non-trusted users are given permission to upload images in any area o...
SQL Injection Vulnerability in Jinwei Mobile Mall System or***.php File
Jinwei mobile mall system is a micro-business mall for customers with a public (official) account, imitating the mobile Taobao page layout and supporting embedded video playback. It supports customized product model specifications; the main specifications support attached pictures, and each sub-model supports inventory control, subdivided...
CVE-2020-10386
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory...
Directory traversal
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory...
EjuCMS fo***.php file has SQL injection vulnerability
EjuCMS is a localized O2O real estate website platform system. A SQL injection vulnerability exists in the EjuCMS fo.php file. An attacker can exploit the vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in CloudYou CMS Ma***.php File (CNVD-2020-23629)
CloudYou CMS is a free, open-source city-substation content management system built on the TP5.0 framework. A SQL injection vulnerability exists in the CloudUnion CMS Ma.php file. Attackers can use the vulnerability to obtain sensitive database information...