2595 matches found
CVE-2024-41454
An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file...
CVE-2024-41454
CVE-2024-41454: The reports indicate an arbitrary file upload vulnerability in the Process Maker pm4core-docker 4.1.21-RC7 UI login page logo upload function. A crafted PHP or HTML file can be uploaded, enabling arbitrary code execution. The exact root cause described is an insecure file upload ...
CVE-2024-56278 WordPress WP Ultimate Exporter plugin <= 2.9.1 - Remote Code Execution (RCE) vulnerability
Improper Control of Generation of Code 'Code Injection' vulnerability in Smackcoders Inc., WP Ultimate Exporter wp-ultimate-exporter allows PHP Remote File Inclusion. This issue affects WP Ultimate Exporter: from n/a through <= 2.9.1...
PT-2025-2838 · Unknown · Abdul Hakeem Build App Online
Name of the Vulnerable Software and Affected Versions: Abdul Hakeem Build App Online versions 1.0.0 through 1.0.23. Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, allowing PHP Local File Inclusion. This problem affects Abdul Hakeem...
BIT-SUITECRM-2024-1644 Suite CRM v7.14.2 - RCE via Local File Inclusion
Suite CRM version 7.14.2 allows including local PHP files. This is possible because the application is vulnerable to LFI...
Small CRM /admin/quote-details.php File SQL Injection Vulnerability
Small CRM is a customer relationship management system. Small CRM has a SQL injection vulnerability in the id parameter of the /admin/quote-details.php file. An attacker can exploit this vulnerability to obtain sensitive information o...
Exploit for CVE-2024-54262
CVE-2024-54262 Import Export For WooCommerce...
Complaint Management System user-search.php File SQL Injection Vulnerability
Complaint Management System is a complaint management system. It is affected by a SQL injection vulnerability: manipulating the search parameter in the file /admin/user-search.php can lead to SQL injection. No details of the vulnerability...
CVE-2024-10516
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...
CVE-2024-10516
CVE-2024-10516 is an active vulnerability affecting the Swift Performance Lite WordPress plugin. According to connected sources, versions up to and including 2.3.7.1 are vulnerable to an unauthenticated Local PHP File Inclusion via the ajaxify parameter, enabling arbitrary PHP code execution on t...
CVE-2024-10516 Swift Performance Lite <= 2.3.7.1 - Unauthenticated Local PHP File Inclusion via 'ajaxify'
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of...
CVE-2024-11952
The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions grant...
CVE-2024-11952
CVE-2024-11952 covers a Limited Local PHP File Inclusion in Classic Addons for WPBakery Page Builder (WordPress) up to v3.0, exploitable via the style parameter by an authenticated user with Contributor-level access (or higher) with permissions granted by an Administrator. The issue allows includ...
ProjectSend R1605 Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploadin...
ProjectSend r1295 - r1605 Unauthenticated Remote Code Execution
This module exploits an improper authorization vulnerability in ProjectSend versions r1295 through r1605. The vulnerability allows an unauthenticated attacker to obtain remote code execution by enabling user registration, disabling the whitelist of allowed file extensions, and uploading a malicio...
WordPress plugin nBlocks Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
Exploit for Unrestricted Upload of File with Dangerous Type in Avaya Aura_Device_Services
CVE-2023-3722 Python POC for CVE-2023-3722 Avaya Aura Device S...
CVE-2024-10486
The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to a publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...
CVE-2024-10486
The CVE-2024-10486 issue affects the Google for WooCommerce WordPress plugin (versions