299 matches found
OpenEMR 5.0.1.3 - (manage_site_files) Remote Code Execution Exploit
Exploit Title: OpenEMR 5.0.1.3 - 'managesitefiles' Remote Code Execution Authenticated Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip Version: Prior to 5.0.1.4 Tested on: Ubuntu 18.04...
YzmCMS Cross-Site Scripting Vulnerability (CNVD-2021-34497)
YzmCMS is a lightweight open source content management system based on a PHP+MySQL architecture, developed by Yuan Zhimeng alone. A stored cross-site scripting vulnerability exists in the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter in YzmCMS version 5.6. The vulnerabilit...
WordPress Plugin Arbitrary File Upload Vulnerability
WordPress Plugin is an open source application plugin for WordPress. WordPress plugin N5 Upload Form version 1.0 has an arbitrary file upload vulnerability that can be exploited by attackers to upload arbitrary files...
FortiLogger Arbitrary File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...
FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FortiLogger Arbitrary File Upload Exploit', 'Description' = %q This module exploits an unauthenticated arbitrary file upload via insecure POST...
File Upload Vulnerability in KUKA.OfficeLite
KUKA.OfficeLite is KUKA's virtual robot controller. A file upload vulnerability exists in KUKA.OfficeLite. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
WordPress File Upload Vulnerability (CNVD-2021-29447)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. One SEO Pack is a plugin for WordPress. A security vulnerability exists in One SEO Pack plugin for WordPress versions...
CVE-2018-16795
OpenEMR 5.0.1.3 is vulnerable to Cross-Site Request Forgery (CSRF) via library/ajax and interface/super, demonstrated by uploading a PHP file through interface/super/manage_site_files.php. The flaw enables unauthorized state-changing actions and potential code execution via the uploaded PHP file....
File upload vulnerability in yiqiCMS (CNVD-2020-75031)
yiqiCMS is a CMS system; the product is used for enterprise building. A file upload vulnerability exists in yiqiCMS, which can be exploited by an attacker to gain control of the server...
Unrestricted file upload
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands...
GitLab Resource Management Error Vulnerability (CNVD-2021-19408)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab 13.0.1 and...
Zimbra Code Issues Vulnerabilities
Zimbra is an open source e-mail collaboration platform from the United States company Zimbra. A code issue vulnerability exists in the /service/upload program in the Webmail subsystem in versions of Zimbra prior to 8.8.15 Patch 10 and 9.x prior to 9.0.0 Patch 3, which can be exploited by an...
DEBIAN-CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...
WordPress pitajte-strucnjaka 4.9.6 Shell Upload
Exploit Title : WordPress pitajte-strucnjaka Plugins 4.9.6 Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 26/01/2019 Vendor Homepage : wordpress.org Software Information Link : bol.rs/pitajte-strucnjaka Software Version : 4.9.6 Tested On : Windows...
Adobe ColdFusion 2018 Shell Upload
Exploit Title: Unrestricted file upload in Adobe ColdFusion 2018 Google Dork: ext:cfm Date: 10-12-2018 Exploit Author: Pete Freitag of Foundeo Reversed: Vahagn vah13 Vardanian Vendor Homepage: adobe.com Version: 2018 Tested on: Adobe ColdFusion 2018 CVE : CVE-2018-15961 Comment: September 28, 201...
Adobe ColdFusion 2018 - Arbitrary File Upload
Exploit Title: Unrestricted file upload in Adobe ColdFusion 2018 Google Dork: ext:cfm Date: 10-12-2018 Exploit Author: Pete Freitag of Foundeo Reversed: Vahagn vah13 Vardanian Vendor Homepage: adobe.com Version: 2018 Tested on: Adobe ColdFusion 2018 CVE : CVE-2018-15961 Comment: September 28, 201...
CVE-2013-10032
creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/getsimplecmsuploadexec.rb
2025-10-23 21:12:57+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
CVE-2013-10038
creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/flashchatuploadexec.rb
2025-10-23 21:12:57+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
CVE-2012-10026
creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/wpassetmanageruploadexec.rb
2025-10-23 21:12:56+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...
CVE-2025-34111
creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/tikiwikiuploadexec.rb
2025-10-23 21:13:04+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...