58 matches found
BIT-PHPLIST-2020-22249
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the...
CVE-2023-52154
File Upload vulnerability in pmb/cameraupload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files...
CVE-2023-52154
File Upload vulnerability in pmb/cameraupload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files...
CVE-2023-52154
File Upload vulnerability in pmb/cameraupload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files...
Unrestricted file upload
File Upload vulnerability in pmb/cameraupload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files...
CVE-2023-52154
File Upload vulnerability in pmb/cameraupload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files...
CVE-2023-52154
File Upload vulnerability in pmb/cameraupload.php in PMB 7.4.7 and earlier allows attackers to run arbitrary code via upload of crafted PHTML files...
PMB security breach
PMB is a 100% free document management reference tool from the PMB Services team. A security vulnerability exists in PMB 7.4.7 and prior versions that originated from allowing an unauthenticated, remote attacker to run arbitrary code via pmb/cameraupload.php using a crafted PHTML file...
CVE-2023-31505
An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file...
CVE-2023-31505
An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file...
CVE-2023-27235
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file...
JIZHICMS 代码问题漏洞
Extreme Networks Technology JIZHICMS Extreme CMS is an open source content management system CMS from China's Extreme Networks Technology. A security vulnerability exists in JIZHICMS version v2.4.5, which originates from the admincCommonController.php component that allows an attacker to execute...
CVE-2023-27235
An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file...
CS-Cart 1.3.3 - authenticated RCE
Exploit Title: CS-Cart authenticated RCE Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.3 Vulnerability Type: authenticated RCE get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell edit ...
CS-Cart 1.3.3 Remote Code Execution
Exploit Title: CS-Cart authenticated RCE Date: 2020-09-22 Exploit Author: 0xmmnbassel Vendor Homepage: https://www.cs-cart.com/e-commerce-platform.html Tested at: ver. 1.3.3 Vulnerability Type: authenticated RCE get PHP shells from http://pentestmonkey.net/tools/web-shells/php-reverse-shell edit ...
Gila CMS File Unrestricted Upload Vulnerability
Gila CMS is an open source content management system CMS based on PHP and MySQL. Gila CMS 1.11.8 suffers from a file unrestricted upload vulnerability. An attacker can upload dangerous types of files to lzld/thumb?src= URI via .phar or .phtml, which can enable remote code execution...
CVE-2020-5514
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI...
CVE-2020-5514
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI...
Unrestricted file upload
Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI...
CVE-2015-9340
The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files...