CVE-2024-51152

File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component...

CVE-2024-51152

File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component...

CVE-2024-51152

File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component...

CVE-2024-51152

File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component...

Simple College Website 1.0 Shell Upload

============================================================================================================================================= | Title : Simple College Website 1.0 code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 129.0...

CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: CMSimple 5.15 - Remote Command Execution Date: 04/28/2024 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.cmsimple.org Software Link: https://www.cmsimple.org/downloadscmsimple50/CMSimple5-15.zip Version: latest Tested on: MacOS Log in to SimpleCMS. Go to Settings CM...

Craft CMS 4.4.14 - Unauthenticated Remote Code Execution Exploit

!/usr/bin/env python3 coding: utf-8 Exploit Title: Craft CMS unauthenticated Remote Code Execution RCE Version: 4.0.0-RC1 - 4.4.14 Vendor Homepage: https://craftcms.com/ Software Link: https://github.com/craftcms/cms/releases/tag/4.4.14 Tested on: Ubuntu 22.04.3 LTS Tested on: Craft CMS 4.4.14...

File Manager Pro < 1.8 - Remote Code Execution via CSRF

Description The plugin does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. As a Super Admin, run the following code ...

Total CMS 1.7.4 - Remote Code Execution (RCE)

Exploit Title: Total CMS 1.7.4 - Remote Code Execution RCE Date: 02/06/2023 Exploit Author: tmrswrr Version: 1.7.4 Vendor home page : https://www.totalcms.co/ 1 Go to this page and click edit page button https://www.totalcms.co/demo/soccer/ 2After go down and will you see downloads area 3Add in...

WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE

!/usr/bin/env Exploit Title: WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE Date: 22-01-2023 Exploit Author: BLY Vendor Homepage: https://wpscan.com/vulnerability/10389 Version: File Manager plugin 6.0-6.9 Tested on: Debian CVE : CVE-2020-25213 import...

MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution Vulnerability

Exploit Title: MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane CVE ID: CVE-2022-26149 Confirmed on release 2.8.3-pl Reference: https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt Vendor:...

MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution

Exploit Title: MODX Revolution v2.8.3-pl - Authenticated Remote Code Execution Exploit Author: Sarang Tumne @CyberInsane Twitter: @thecyberinsane Date: 26th Feb'2022 CVE ID: CVE-2022-26149 Confirmed on release 2.8.3-pl Reference: https://github.com/sartlabs/0days/blob/main/Modx/Exploit.txt Vendor...

ChurchRota 2.6.4 - RCE (Authenticated)

Exploit Title: ChurchRota 2.6.4 - RCE Authenticated Date: 1/19/2021 Exploit Author: Rob McCarthy @slixperi Vendor Homepage: https://github.com/Little-Ben/ChurchRota Software Link: https://github.com/Little-Ben/ChurchRota Version: 2.6.4 Tested on: Ubuntu import requests from pwn import listen...

HaPe PKH 1.1 - Arbitrary File Upload

HaPe PKH 1.1 - Arbitrary File Upload Exploit Title: HaPe PKH 1.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Test...

inmak.eu XSS vulnerability

Open Bug Bounty ID: OBB-608696 Description| Value ---|--- Affected Website:| inmak.eu Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Cart Engine 3.0.0 Remote Code Execution

No description provided by source. ? Cart Engine 3.0.0 Remote Code Execution Vendor: C97net Product web page: http://www.c97.net Affected version: 3.0.0 Summary: Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping cart based on PHP & MySQL...

Uploader by CeleronDude 5.3.0 - Upload Vulnerability

No description provided by source. Uploader by CeleronDude 5.3.0 - Upload Vulnerability Discovered by : Stink' Date : 2009-12-17 for upload. 2010-01-17 for Settings.db retrieve password. Dork : Uploader by CeleronDude. Website Publisher : a...

osDate (uploadvideos.php) Shell Upload Vulnerability

No description provided by source. ==================================================== osDate Upload Shell Vulnerability uploadvideos.php ==================================================== Date : 05/08/2010 Author : Xa7m3d Tested ON : ubuntu 9.10 MY Team : Currently no Software Link :...

w-CMS 2.0.1 Remote Code Execution

Exploit Title: w-CMS 2.0.1 Remote Code Execution Vulnerability Google Dork: intext:"Powered by w-CMS" Date: 15/08/2013 Exploit Author: ICheerNo0M - http://icheernoom.blogspot.com/ Vendor Homepage: http://w-cms.org/ Software Link: - Version: 2.0.1 Tested on: Windows 7 + PHP 5.2.6 --- Vuln Code :...

Free Blog 1.0 Shell Upload / Arbitrary File Deletion

Free Blog 1.0 Multiple Vulnerability By cr4wl3r http://bastardlabs.info http://bastardlabs.info/exploits/FreeBlog.txt Software Link: http://blog.sdnex.com/ Tested: Ubuntu 12.04.1 LTS Proof of concept: Arbitrary File Upload Vulnerability http://bastardlabs/blogpath/up.php Shell will be available...