6 matches found
PT-2025-47296
Name of the Vulnerable Software and Affected Versions: WinPlus version 24.11.27 Description: An issue exists in WinPlus that allows for the upload of dangerous file types. An attacker can upload a 'webshell' by sending a POST request to the '/WinplusPortal/ws/sWinplus.svc/json/uploadfile' endpoin...
PT-2024-35778 · Freepbx · Freepbx
Name of the Vulnerable Software and Affected Versions: FreePBX version 17.0.19.17 Description: A vulnerability was discovered in FreePBX, allowing high-privilege administrators to insert unwanted files due to a lack of verification of the type of uploaded files. This issue can be exploited for...
PT-2024-37393 · Unknown · Simple Online Hotel Reservation System
Name of the Vulnerable Software and Affected Versions: Simple Online Hotel Reservation System version 1.0 Description: A critical vulnerability has been found in the Simple Online Hotel Reservation System, affecting some unknown functionality of the file edit room.php. The manipulation of the pho...
PT-2024-26309 · Inxedu · Inxedu
Name of the Vulnerable Software and Affected Versions: inxedu version 2024.4 Description: The issue allows attackers to execute arbitrary code by uploading a crafted .jsp file, exploiting an arbitrary file upload vulnerability in the gok4 method. Recommendations: For inxedu version 2024.4, consid...
PT-2024-22868 · Mozilocms · Mozilocms
Name of the Vulnerable Software and Affected Versions: moziloCMS version 2.0 Description: The issue allows attackers to bypass file upload restrictions, potentially leading to unauthorized file execution or storage of malicious content. This is achieved by renaming files, which can result in the...
PT-2022-27641 · Pwndoc · Pwndoc
Name of the Vulnerable Software and Affected Versions: Pwndoc version 0.5.3 Description: An issue in the "/api/audits" component allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. Recommendations: For Pwndoc version 0.5.3, consider disabling the...