51 matches found
CVE-2026-48946
CVE-2026-48946 affects the K2 frontend Joomla extension (getk2.com) prior to version 2.26. The issue allows a K2 Author to upload a PHP file (e.g., shell.php) via the article-attachment upload path; Apache mod_php executes the file under the K2 web user, enabling arbitrary PHP code execution in t...
EUVD-2026-39442
The K2 frontend article-attachment upload path accepts files whose extension is .php, and Apache's standard modphp matches .php$ and executes them under the K2 web user. A K2 Author can upload a shell.php, then fetch /media/k2/attachments/shell.php and execute arbitrary PHP code in the web...
CVE-2024-51152
File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component...
CVE-2024-51152
File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component...
CVE-2024-51152
File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component...
CVE-2024-51152
File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component...
Simple College Website 1.0 Shell Upload
============================================================================================================================================= | Title : Simple College Website 1.0 code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0...
CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: CMSimple 5.15 - Remote Command Execution Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cmsimple.org Software Link: https://www.cmsimple.org/downloadscmsimple50/CMSimple5-15.zip Version: latest Tested on: MacOS Log in to SimpleCMS. Go to Settings CM...
Craft CMS 4.4.14 - Unauthenticated Remote Code Execution Exploit
!/usr/bin/env python3 coding: utf-8 Exploit Title: Craft CMS unauthenticated Remote Code Execution RCE Version: 4.0.0-RC1 - 4.4.14 Vendor Homepage: https://craftcms.com/ Software Link: https://github.com/craftcms/cms/releases/tag/4.4.14 Tested on: Ubuntu 22.04.3 LTS Tested on: Craft CMS 4.4.14...
File Manager Pro < 1.8 - Remote Code Execution via CSRF
Description The plugin does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. As a Super Admin, run the following code ...
Total CMS 1.7.4 - Remote Code Execution (RCE)
Exploit Title: Total CMS 1.7.4 - Remote Code Execution RCE Date: 02/06/2023 Exploit Author: tmrswrr Version: 1.7.4 Vendor home page : https://www.totalcms.co/ 1 Go to this page and click edit page button https://www.totalcms.co/demo/soccer/ 2After go down and will you see downloads area 3Add in...
WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE
!/usr/bin/env Exploit Title: WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE Date: 22-01-2023 Exploit Author: BLY Vendor Homepage: https://wpscan.com/vulnerability/10389 Version: File Manager plugin 6.0-6.9 Tested on: Debian CVE : CVE-2020-25213 import...
MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution Vulnerability
Exploit Title: MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane CVE ID: CVE-2022-26149 Confirmed on release 2.8.3-pl Reference: https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt Vendor:...
MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution
Exploit Title: MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane Date: 26th Feb'2022 CVE ID: CVE-2022-26149 Confirmed on release 2.8.3-pl Reference: https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt Vendor...
ChurchRota 2.6.4 - RCE (Authenticated)
Exploit Title: ChurchRota 2.6.4 - RCE Authenticated Date: 1/19/2021 Exploit Author: Rob McCarthy @slixperi Vendor Homepage: https://github.com/Little-Ben/ChurchRota Software Link: https://github.com/Little-Ben/ChurchRota Version: 2.6.4 Tested on: Ubuntu import requests from pwn import listen...
HaPe PKH 1.1 - Arbitrary File Upload
HaPe PKH 1.1 - Arbitrary File Upload Exploit Title: HaPe PKH 1.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Test...
inmak.eu XSS vulnerability
Open Bug Bounty ID: OBB-608696 Description| Value ---|--- Affected Website:| inmak.eu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Uploader by CeleronDude 5.3.0 - Upload Vulnerability
No description provided by source. Uploader by CeleronDude 5.3.0 - Upload Vulnerability Discovered by : Stink' Date : 2009-12-17 for upload. 2010-01-17 for Settings.db retrieve password. Dork : Uploader by CeleronDude. Website Publisher : a...
osDate (uploadvideos.php) Shell Upload Vulnerability
No description provided by source. ==================================================== osDate Upload Shell Vulnerability uploadvideos.php ==================================================== Date : 05/08/2010 Author : Xa7m3d Tested ON : ubuntu 9.10 MY Team : Currently no Software Link :...
Cart Engine 3.0.0 Remote Code Execution
No description provided by source. ? Cart Engine 3.0.0 Remote Code Execution Vendor: C97net Product web page: http://www.c97.net Affected version: 3.0.0 Summary: Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping cart based on PHP & MySQL...