Lucene search
K

2193 matches found

NVD
NVD
added 2022/04/04 4:15 p.m.23 views

CVE-2022-0537

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current 's stylesheet directory, and a .php...

7.2CVSS0.01484EPSS
Exploits2References1
Prion
Prion
added 2022/04/04 4:15 p.m.16 views

Design/Logic Flaw

The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current 's stylesheet directory, and a .php...

6.5CVSS7AI score0.01484EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/04/04 3:35 p.m.86 views

CVE-2022-0537

CVE-2022-0537 affects MapPress Maps for WordPress before 2.73.13. A high-privileged user can bypass DISALLOW_FILE_EDIT/DISALLOW_FILE_MODS and upload arbitrary files via the ajax_save function. The uploaded file is written relative to the current theme/stylesheet directory and given a .php extensi...

7.2CVSS6.9AI score0.01484EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2022/03/31 12:0 a.m.520 views

Medical Hub Directory Site 1.0 SQL Injection

Title: Medical Hub Directory Site 1.0 Blind Time SQLi To Rce Author: Hejap Zairy Date: 30.07.2022 Vendor: https://www.sourcecodester.com/php/15252/simple-medical-hub-directory-site-phpoop-source-code.html Software:https://www.sourcecodester.com/sites/default/files/download/oretnom23/mhds.zip...

0.1AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2022/03/29 4:0 p.m.16 views

3 steps to secure your multicloud and hybrid infrastructure with Azure Arc

As businesses around the world grapple with the growth of an industrialized, organized attacker ecosystem, the need for customers to secure multicloud and hybrid infrastructure and workloads is increasingly urgent. Today, organizations face an attacker ecosystem that is highly economically...

7.7AI score
Exploits0
GithubExploit
GithubExploit
added 2022/03/16 11:56 a.m.563 views

Exploit for CVE-2021-21983

CVE-2021-21975 VMware vRealize Operations vROps Manager API...

8.5CVSS7.8AI score0.7829EPSS
Exploits12
OSV
OSV
added 2022/03/15 12:0 a.m.32 views

GHSA-RGG3-3WH7-W935 Unrestricted Upload of File with Dangerous Type in Zenario CMS

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...

9.8CVSS6.8AI score0.02484EPSS
Exploits5References7
OSV
OSV
added 2022/03/14 3:15 p.m.14 views

CVE-2021-42171

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...

7.2CVSS6.9AI score
Exploits0References3
NVD
NVD
added 2022/03/14 3:15 p.m.29 views

CVE-2021-42171

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...

7.2CVSS0.02484EPSS
Exploits5References3
Prion
Prion
added 2022/03/14 3:15 p.m.16 views

Unrestricted file upload

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...

6.5CVSS6.7AI score0.02484EPSS
Exploits5References3Affected Software1
CVE
CVE
added 2022/03/14 2:51 p.m.123 views

CVE-2021-42171

CVE-2021-42171 affects Zenario CMS 9.0.54156 and is a file-upload vulnerability that allows remote code execution. The root cause, per the sources, is lack of validation of uploaded files. Exploitation exists in public advisories (e.g., Exploit-DB) demonstrating an authenticated path to achieve R...

7.2CVSS6.8AI score0.02484EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2022/03/14 2:51 p.m.34 views

CVE-2021-42171

Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...

7AI score0.02484EPSS
Exploits5References3
wpexploit
wpexploit
added 2022/03/14 12:0 a.m.115 views

MapPress Maps for WordPress < 2.73.13 - Admin+ File Upload to Remote Code Execution

The plugin allows a high privileged user to bypass the DISALLOWFILEEDIT and DISALLOWFILEMODS settings and upload arbitrary files to the site through the "ajaxsave" function. The file is written relative to the current theme's stylesheet directory, and a .php file extension is added. No validation...

7.2CVSS0.6AI score0.01484EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2022/03/11 12:2 a.m.25 views

Unrestricted Upload of File with Dangerous Type in Croogo

A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script...

8.8CVSS2.9AI score0.08963EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/03/11 12:2 a.m.19 views

GHSA-4PWW-FQGH-36HJ Unrestricted Upload of File with Dangerous Type in Croogo

A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script...

8.8CVSS8.9AI score0.08963EPSS
Exploits1References3
NVD
NVD
added 2022/03/10 6:15 p.m.51 views

CVE-2021-44673

A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script...

8.8CVSS0.08963EPSS
Exploits1References1
OSV
OSV
added 2022/03/10 6:15 p.m.20 views

CVE-2021-44673

A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script...

8.8CVSS9AI score
Exploits0References1
Prion
Prion
added 2022/03/10 6:15 p.m.18 views

Remote code execution

A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script...

6.5CVSS8.9AI score0.08963EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/03/10 6:4 p.m.27 views

CVE-2021-44673

A Remote Code Execution RCE vulnerability exists in Croogo 3.0.2via admin/file-manager/attachments, which lets a malicoius user upload a web shell script...

9.2AI score0.08963EPSS
Exploits1References1
CVE
CVE
added 2022/03/10 6:4 p.m.110 views

CVE-2021-44673

Croogo 3.0.2 is affected by an arbitrary file upload vulnerability in the admin/file-manager/attachments path that lets a malicious user upload a PHP web shell, enabling remote code execution. Root cause: unrestricted file uploads in the attachment handler. Exploitation details and a concrete fix...

8.8CVSS8.9AI score0.08963EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder