34 matches found
CVE-2021-47753
CVE-2021-47753 affects phpKF CMS 3.00 Beta y6 with an unauthenticated file upload that bypasses extension checks to gain arbitrary code execution. An attacker can upload a PHP file disguised as PNG, rename it, and run system commands via a crafted web shell parameter. Public references (Exploit-D...
CVE-2021-47753 phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)
phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter...
PT-2026-3030
Name of the Vulnerable Software and Affected Versions: phpKF CMS version 3.00 Beta y6. Description: The software contains an unauthenticated file upload issue that enables remote attackers to execute arbitrary code. This is achieved by bypassing file extension checks, allowing attackers to upload a...
phpKF CMS security vulnerability
phpKF CMS is a content management system developed by the Turkish company phpKF. The phpKF CMS 3.00 Beta y6 version contains a security vulnerability. This vulnerability stems from an unverified file upload function, which may bypass file extension checks, allowing remote code execution...
EUVD-2008-6483
Malware in sbrugna...
EUVD-2008-6413
Malware in sbrugna...
phpKF CMS 3.00 Beta y6 Remote Code Execution
Exploit Title: phpKF CMS 3.00 Beta y6 - Remote Code Execution RCE Unauthenticated Date: 18/12/2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 3.00 Category: Webapps Tested on: Linux/Windows phpKF-CMS; It...
phpKF CMS 3.00 Beta y6 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: phpKF CMS 3.00 Beta y6 - Remote Code Execution RCE Unauthenticated Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 3.00 Category: Webapps Tested on: Linux/Windows phpKF-CMS; It is a very popula...
phpKF CMS 3.00 Beta y6 - Remote Code Execution (RCE) (Unauthenticated)
Exploit Title: phpKF CMS 3.00 Beta y6 - Remote Code Execution RCE Unauthenticated Date: 18/12/2021 Exploit Author: Halit AKAYDIN hLtAkydn Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 3.00 Category: Webapps Tested on: Linux/Windows phpKF-CMS; It...
phpKF 1.10 XSS / CSRF / SQL Injection Vulnerabilities
phpKF version 1.10 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Exploit Title: phpKF - Multi Vulnerabilities XSS , SQLi , CSRF Google Dork: Yazılım: phpKF © 2007-2019 Exploit Author: Ahmethan GULTEKIN @inject0r16 b4 Vendor Homepage:...
phpKF 1.10 XSS / CSRF / SQL Injection
Exploit Title: phpKF - Multi Vulnerabilities XSS , SQLi , CSRF Google Dork: Yazılım: phpKF © 2007-2019 Date: 06.07.2018 Exploit Author: Ahmethan GULTEKIN @inject0r16 b4 Vendor Homepage: https://www.phpkf.com/ Software Link: https://www.phpkf.com/indirme.php Version: 1.10 Tested on: Windows 7-8-10...
phpKF 'forum_duzen.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30318/info phpKF is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
phpKF-Portal 1.10 baslik.php tema_dizin Parameter Traversal Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/30566/info phpKF-Portal is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to vi...
phpKF-Portal 1.10 anket_yonetim.php portal_ayarlarportal_dili Parameter Traversal Local File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/30566/info phpKF-Portal is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to vi...
phpKF Forum 1.80 profil_degistir.php CSRF Exploit
No description provided by source...
PHPKF Forum 1.80 - 'profil_degistir.php' Cross-Site Request Forgery
Exploit Title : phpKF Forum profildegistir.php CSRF Exploit. Google Dork : php Kolay Forum phpKF © 2007 - 2010 phpKF Ekibi Date : 05-12-2010 Author : FreWaL Software Link : http://www.phpkf.com/dosya.php?no=935 Version : 1.80 and tested on All version My Website : www.imhatimi.org & www.ihtilal.i...
phpKF Forum 1.80 Cross Site Request Forgery
Exploit Title : phpKF Forum profildegistir.php CSRF Exploit. Google Dork : php Kolay Forum phpKF © 2007 - 2010 phpKF Ekibi Date : 05-12-2010 Author : FreWaL Software Link : http://www.phpkf.com/dosya.php?no=935 Version : 1.80 and tested on All version My Website : www.imhatimi.org & www.ihtilal.i...
PHPKF Forum 1.80 - profil_degistir.php Cross-Site Request Forgery
PHPKF Forum 1.80 - profildegistir.php Cross-Site Request Forgery Exploit Title : phpKF Forum profildegistir.php CSRF Exploit. Google Dork : php Kolay Forum phpKF © 2007 - 2010 phpKF Ekibi Date : 05-12-2010 Author : FreWaL Software Link : http://www.phpkf.com/dosya.php?no=935 Version : 1.80 and...
Directory traversal
Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this information is unknown; the...