Lucene search
K

78 matches found

Vulnrichment
Vulnrichment
added 2022/04/19 8:26 p.m.8 views

CVE-2021-4096 Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...

8.8CVSS6.9AI score0.00573EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/04/19 12:0 a.m.4 views

WordPress plugin Fancy Product Designer跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin Fancy Product Designer, which...

8.8CVSS5.4AI score0.00573EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2022/04/14 12:0 a.m.19 views

Fancy Product Designer < 4.7.6 - Arbitrary File Upload via CSRF

The plugin is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server via a CSRF attack...

8.8CVSS4.8AI score0.00573EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/11/05 1:15 p.m.2 views

CVE-2021-42669

A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboardteacher.php, which allows changing the avatar through teacheravatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by all users. By...

10CVSS5.9AI score0.2327EPSS
Exploits6References4
OSV
OSV
added 2021/08/11 6:15 p.m.3 views

CVE-2020-21976

An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands...

8.8CVSS7.5AI score0.01849EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/08/11 12:0 a.m.4 views

NewsOne CMS 代码问题漏洞

NewsOne CMS is a web-based news, magazine script. It is possible to develop your own media/news website. A security vulnerability exists in NewsOne CMS version 1.1.0, which originates from an arbitrary file upload vulnerability in the component of the software, which allows an attacker to use a...

9CVSS8.2AI score0.01849EPSS
Exploits1References2
0day.today
0day.today
added 2021/07/08 12:0 a.m.75 views

Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution

Exploit Title: Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution Unauthenticated Exploit Author: faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

0.4AI score
Exploits0
Exploit DB
Exploit DB
added 2021/07/08 12:0 a.m.406 views

Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution (Unauthenticated)

Exploit Title: Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution Unauthenticated Date: 2021-07-07 Exploit Author: faisalfs10x Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
OSV
OSV
added 2021/06/03 2:15 p.m.4 views

CVE-2020-21005

WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell...

6.5CVSS5.8AI score0.0081EPSS
Exploits1References2
CNVD
CNVD
added 2021/05/05 12:0 a.m.3 views

File Upload Vulnerability in SEMCMS PHP (Multilingual) Version

SemCms is an open source foreign trade enterprise website management system. A file upload vulnerability exists in the PHP multilingual version of SEMCMS. An attacker can exploit the vulnerability to upload webshell and gain server privileges...

7.3AI score
Exploits0
CNNVD
CNNVD
added 2021/04/20 12:0 a.m.7 views

WonderCMS 操作系统命令注入漏洞

WonderCMS is a PHP-based open source content management system CMS. WonderCMS 3.1.3 exists an operating system command injection vulnerability, the vulnerability stems from an operating system command injection vulnerability in the installUpdateThemePluginAction function in index.php, which allow...

9.8CVSS8.7AI score0.26912EPSS
Exploits2References5
CNVD
CNVD
added 2021/03/07 12:0 a.m.4 views

File upload vulnerability exists in UCMS (CNVD-2021-21601)

UCMS is a content management system written in PHP. There is a file upload vulnerability in the UCMS backend, which can be exploited by an attacker to upload arbitrary scripts to obtain a website webshell...

7.1AI score
Exploits0
CNVD
CNVD
added 2020/12/23 12:0 a.m.2 views

UCMS suffers from a file upload vulnerability (CNVD-2021-00046)

UCMS is a content management system written in PHP. There is a file upload vulnerability in the UCMS backend, which can be exploited by an attacker to upload arbitrary scripts to obtain a website webshell...

7.1AI score
Exploits0
CNVD
CNVD
added 2020/11/05 12:0 a.m.1 views

File Upload Vulnerability in BladeKeeper Website Building System V1.0

Knife building system is specifically for software developers and software affiliates of the software publishing platform for self-service website building system. A file upload vulnerability exists in KnifeBuilder V1.0, which allows an attacker to upload a webshell to a server by uploading...

7.3AI score
Exploits0
CNVD
CNVD
added 2019/10/30 12:0 a.m.2 views

File Upload Vulnerability in Blue Route Blog System

Shenzhen Blue Route Technology Co., Ltd, provides cloud computing products, cloud computing solutions, enterprise cloud application software, etc., is committed to providing customers with professional cloud services. Blue Route blog system file upload vulnerability, attackers can use the...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2019/04/16 1:44 p.m.130 views

Instantbox - Get A Clean, Ready-To-Go Linux Box In Seconds

Get a clean, ready-to-go Linux box in seconds. Introduction What is instantbox? It's a project that spins up temporary Linux systems with instant webshell access from any browser. What can an instantbox do? 1. provides a clean Linux environment for a presentation 2. let students experience the...

7.3AI score
Exploits0References1
CNVD
CNVD
added 2018/12/10 12:0 a.m.2 views

Code execution vulnerability in zzzphp

zzphp is a free website building system developed using PHP. A code execution vulnerability exists in zzzphp. An attacker can exploit this vulnerability to execute arbitrary php code and directly obtain a webshell...

8AI score
Exploits0
CNVD
CNVD
added 2018/08/13 12:0 a.m.1 views

ShopsN open source online store full web system suffers from SQL injection vulnerability (CNVD-2018-17332)

ShopsN free version of the B2C e-commerce is a product of Shanghai Yisu Network Technology Co., Ltd. a full-featured enterprise-class commercial standards in line with the real allow free commercial use of open source online store full network system. ShopsN v2.3.3 official version of the existen...

8.3AI score
Exploits0
CNVD
CNVD
added 2018/08/07 12:0 a.m.2 views

Arbitrary File Upload Vulnerability in UCMS Version 1.4.6

UCMS is a simple open source content management system, it can be very convenient to quickly develop various kinds of enterprise station, article station and station system. A file upload vulnerability exists in the \ucms\sadmin\fi.php page of UCMS version 1.4.6. An attacker can exploit the...

7.4AI score
Exploits0
CNVD
CNVD
added 2018/08/07 12:0 a.m.2 views

Arbitrary File Editing Vulnerability in UCMS Version 1.4.6

UCMS is a simple open source content management system, which can be used to quickly develop a variety of enterprise stations, article stations and station systems. UCMS version 1.4.6 \ucms\sadmin\fi.php page arbitrary file editing vulnerability. An attacker can exploit the vulnerability to edit...

7.3AI score
Exploits0
Rows per page
Query Builder