CVE-2020-23828
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses...
Unrestricted file upload
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses...
Red Lion N-Tron 702-W / 702M12-W 2.0.26 XSS / CSRF / Shell
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: Red Lion N-Tron 702-W, Red Lion N-Tron 702M12-W vulnerable version: =2.0.26 fixed version: CVE number: CVE-2020-16210, CVE-2020-16206,...
CVE-2020-19891
DBHcms v1.2.0 has an arbitrary file write vulnerability in dbhcms\mod\mod.editor.php: $_POST['updatefile'] is the filename and $_POST['tinymcecontent'] is the file content, and there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...
RiteCMS Remote Code Execution Vulnerability (CNVD-2020-48654)
RiteCMS is a lightweight open source web content management system (CMS) based on PHP and SQLite. A security vulnerability exists in RiteCMS version 2.2.1. An attacker can exploit the vulnerability by uploading a PHP web shell in 'Filemanager' to execute system commands...
CVE-2020-23934
An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section...
Design/Logic Flaw
An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section...
CVE-2020-23934
Summary of CVE-2020-23934 (RiteCMS 2.2.1): An authenticated user can upload a PHP web shell via the Filemanager and execute system commands on the server, enabling Remote Code Execution. The known exploit demonstrates uploading a shell and accessing it under /media/(filename).php, then issuing c...
flatCore CMS 1.5.5 Cross Site Scripting / Arbitrary File Upload
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Vulnerabilities product: flatCore CMS vulnerable version: =1.5.5 fixed version: 1.5.7 CVE number: - impact: High homepage: https://flatcore.org/ found: 2020-03-2...
Online Book Store 1.0 Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/env python3 Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution modified by cesgami Exploit Author: Tib3rius Vendor Homepage:...
Online Book Store 1.0 Code Execution
!/usr/bin/env python3 Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution modified by cesgami Google Dork: N/A Date: 2020-01-07 2020-22-07 Exploit Author: Tib3rius Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/...
Park Ticketing Management System 1.0 - 'viewid' SQL Injection
Exploit Title: Park Ticketing Management System 1.0 - 'viewid' SQL Injection Date: 2020-07-13 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/ Software...
Online Birth Certificate System 1.0 SQL Injection / Code Execution
Exploit Title: Online Birth Certificate System - RCE Through SQLi Date: 2020-07-08 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/ Software Link:...
Park Ticketing Management System 1.0 - (viewid) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Park Ticketing Management System 1.0 - 'viewid' SQL Injection Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Online Birth Certificate System 1.0 SQL Injection / Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Online Birth Certificate System - RCE Through SQLi Date: 2020-07-08 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Park Ticketing Management System 1.0 SQL Injection
Exploit Title: Park Ticketing Management System 1.0 - Authentication Bypass Date: 2020-07-13 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage: https://phpgurukul.com/park-ticketing-management-system-using-php-and-mysql/ Software...
Online DJ Booking Management System Project Report 1.0 SQL Injection / Code Execution
Exploit Title: Online DJ Booking Management System Project Report - RCE Through SQLi Authenticated User - admin Date: 2020-07-12 Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
Online DJ Booking Management System Project Report 1.0 SQL Injection / Code Execution Vulnerabilitie
Exploit for php platform in category web applications Exploit Title: Online DJ Booking Management System Project Report - RCE Through SQLi Authenticated User - admin Exploit Author: gh1mau Team Members: Capt'N,muzzo,chaos689 | https://h0fclanmalaysia.wordpress.com/ Vendor Homepage:...
RiteCMS 2.2.1 - Authenticated Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: RiteCMS 2.2.1 - Authenticated Remote Code Execution Exploit Author: Enes Özeser Vendor Homepage: http://ritecms.com/ Version: 2.2.1 Tested on: Linux 1- Go to following url. http://HOST/cms/ 2- Default username and password is...