WordPress 5.0.0 crop-image Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Crop-image Shell Upload', 'Description' = %q This module exploits a path traversal and a local file inclusion vulnerability on WordPres...

CVE-2017-16941

October CMS through 1.0.428 does not prevent use of .htaccess in themes, which allows remote authenticated users to execute arbitrary PHP code by downloading a theme ZIP archive from /backend/cms/themes, and then uploading and importing a modified archive with two new files: a .php file and a...

SquirrelMail 1.2.x - Theme Remote Command Execution

source: https://www.securityfocus.com/bid/4385/info SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. SquirrelMail allows for extended functionality through a plugin system. A vulnerability has been reporte...

SIPS - vulnerable to anyone gaining admin access.

!/exploit/by/b0iler sips - http://sourceforge.net/projects/sips/ versions lower than 0.3.1 Taken from freshmeat: "About: SIPS is an integrated Weblog and link-indexing system written in PHP. It is aimed at those with access to databaseless, PHP-enabled Web servers who want to run a Weblog site li...