12 matches found
CVE-2025-58996
Unrestricted Upload of File with Dangerous Type vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Upload a Web Shell to a Web Server. This issue affects Advanced Settings: from n/a through = 3.1.1...
EUVD-2025-15805
Malicious code in bioql PyPI...
CVE-2025-54443
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server. This issue affects MagicINFO 9 Server: less than 21.1080.0...
CVE-2025-47550 WordPress Instantio plugin <= 3.3.16 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Instantio instantio allows Upload a Web Shell to a Web Server. This issue affects Instantio: from n/a through = 3.3.16...
PT-2025-15941 · Unknown · Labcat Processing Projects
Name of the Vulnerable Software and Affected Versions: LABCAT Processing Projects versions 1.0.0 through 1.0.2 Description: The issue allows an attacker to upload a web shell to a web server, potentially leading to unauthorized access and control. This is due to an unrestricted upload of files wi...
PT-2024-35246 · Unknown · Basepress Migration Tools
Name of the Vulnerable Software and Affected Versions: BasePress Migration Tools versions 1.0.0 and earlier Description: The issue allows an attacker to upload a web shell to a web server by exploiting an Unrestricted Upload of File with Dangerous Type vulnerability in the BasePress Migration...
Garage Management System Code Issue Vulnerability
SourceCodester Garage Management System Cms-Website is a garage management system by mayurik personal developer. It can help you manage all your vehicles, cars and motorcycles. A security vulnerability exists in Garage Management System version 1.0, which stems from the vulnerability of...
CVE-2021-24981
The Directorist WordPress plugin before 7.0.6.2 was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory...
Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload
The plugin was vulnerable to Cross-Site Request Forgery to Remote File Upload leading to arbitrary PHP shell uploads in the wp-content/plugins directory. This vulnerability was seen actively exploited by Sucuri in the wild for ransomware attacks. PoC 1. Authenticate as any user. 2. Paste below...
in fisharebest/webtrees
Description The program allows uploading files with dangerous file types in the media upload section, leading to XSS and other exploits like shell uploads, HTML injection leading to social engineering attacks, etc. I have demonstrated HTML file upload leading to XSS here. Proof of Concept mov...
imageVue Gallery r16 XSS Vulnerability
No description provided by source. Title: imageVue Gallery Cross Site Scripting Vulnerability | Author: indoushka | email: [email protected] | Home: Souk Naamane - 04325 - Oum El Bouaghi - Algeria...
FaScript FaUpload - SQL Injection
ZAC003 | Vive int Iranian WhiteHat Nomads Group | Reporter: ZAC003 From Aria-Security.Net | Script Download:...