2189 matches found
CVE-2021-42171
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth...
CVE-2021-37770
Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with...
CVE-2021-32630
Admidio is a free, open source user management system for websites of organizations and groups. In Admidio before version 4.0.4, there is an authenticated RCE via .phar file upload. A php web shell can be uploaded via the Documents & Files upload feature. Someone with upload permissions could...
CVE-2021-24209
The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated admin+ RCE in the settings page due to input validation failure and weak $cachepath check in the WP Super Cache Settings - Cache Location option. Direct access to the wp-cache-config.php file is not prohibited, so...
CVE-2020-23934
An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the "Filemanager" section...
Malicious code in @ctg-ui/web-shell-express (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2017-9442
BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary code by uploading a crafted package containing a PHP web shell, related to extraction of a ZIP archive to filename patterns such as cache/package/xxx/yyy.php. This issue exists in...
CVE-2017-11561
An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell...
CVE-2016-20016
MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE"...
CVE-2025-39402
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through = 44.0 17-08-2023...
CVE-2025-39401
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through = 44.0 17-08-2023...
CVE-2025-39380
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through = 47.020-11-2023...
CVE-2025-47577
Unrestricted Upload of File with Dangerous Type vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through = 2.9.2...
CVE-2025-39401
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through = 44.0 17-08-2023...
CVE-2025-39402
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla WPAMS apartment-management allows Upload a Web Shell to a Web Server.This issue affects WPAMS: from n/a through = 44.0 17-08-2023...
CVE-2025-39380
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through = 47.020-11-2023...
CVE-2025-39380
CVE-2025-39380 corresponds to an Arbitrary/Unrestricted File Upload vulnerability in the WordPress plugin for Mojoomla Hospital Management System (Hospital Management System). Affected: mojoomla Hospital Management System WordPress plugin versions prior to 47.0 (up to 2023-11-20). Impact cited ac...
CVE-2025-39380 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through = 47.020-11-2023...
CVE-2025-39380 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System hospital-management allows Upload a Web Shell to a Web Server.This issue affects Hospital Management System: from n/a through = 47.020-11-2023...
CVE-2025-39401
CVE-2025-39401 affects the WordPress WPAMS plugin <= 44.0 and is an Arbitrary File Upload vulnerability. The issue is caused by Unrestricted Upload of File with Dangerous Type, enabling an attacker to upload a web shell to the server. The shell upload target path is /wp-content/uploads/apartme...