54 matches found
CVE-2025-66620
An unused webshell in MicroServer allows unlimited login attempts, with sudo rights on certain files and directories. An attacker with admin access to MicroServer can gain limited shell access, enabling persistence through reverse shells, and the ability to modify or remove data stored in the fil...
Exploit for CVE-2025-52691
CVE‑2025‑52691 – SmarterMail Arbitrary File Upload Vulnerabili...
PT-2025-49813
A low-privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...
EUVD-2020-20651
Malware in sbrugna...
EUVD-2020-23116
Malware in sbrugna...
EUVD-2025-18668
Malicious code in bioql PyPI...
CVE-2019-1010062
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line 36. The attack vector is: modify the MIME type on the HTTP request to upload a PHP file. The fixed version is: after commit...
CVE-2024-56249
Unrestricted Upload of File with Dangerous Type vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Upload a Web Shell to a Web Server. This issue affects WPMasterToolKit: from n/a through = 1.13.1...
CVE-2024-45171
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup file...
CVE-2021-28998
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...
PT-2022-12683 · Mingsoft · Mingsoft Mcms
Name of the Vulnerable Software and Affected Versions: mingSoft MCMS versions prior to and including 5.2.5 Description: The issue allows remote attackers to execute arbitrary code via a crafted jspx webshell. The component affected is net.mingsoft.basic.action.web.FileActionupload, and the attack...
rConfig SQL Injection Vulnerability (CNVD-2021-99274)
rConfig is an open source network device configuration management utility. A SQL injection vulnerability exists in rConfig version 3.9.6. An attacker can exploit this vulnerability to upload a webshell to the server and access it remotely...
Design/Logic Flaw
An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php"...
CVE-2020-35442
FDCMS also known as Fangfa Content Management System 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php...
Webshell bypass vulnerability exists in D-Shield (CNVD-2020-22799)
D-Shield is proactive defense software designed specifically for IIS. D-Shield suffers from a webshell bypass vulnerability that can be exploited by attackers to gain administrative privileges on a website...
Webshell bypass vulnerability in D-Shield firewall (CNVD-2020-04086)
D-Shield Firewall is free IIS firewall software that protects websites and servers from intrusion. A webshell bypass vulnerability exists in D-Shield Firewall. An attacker can exploit this vulnerability to gain access to the target server's administrative privileges...
Directory traversal
LimeSurvey version 3.14.4 and earlier contains a directory traversal vulnerability in its file upload functionality that allows upload of a webshell and can result in remote code execution as an authenticated user. This attack appears to be exploitable via: an authenticated user can upload a...
TPshop open source mall system 2.0 eval-stdin.php file has a default backdoor vulnerability
TPshop open source mall system (Thinkphp shop for short) is a multi-merchant mall system developed by Shenzhen Soleil Networks Ltd. The eval-stdin.php file of TPshop open source mall system 2.0 has a backdoor vulnerability. Attackers send POST requests containing malicious...
XYHCMS \App\Runtime\Data\config\site.php page has an arbitrary file write vulnerability
Xing Yunhai CMS (XYHcms) is a completely open source content management system (CMS). The XYHCMS \App\Runtime\Data\config\site.php page has an arbitrary file write vulnerability. Attackers use this vulnerability to obtain server privileges by writing a webshell...
Design/Logic Flaw
Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a webshell upload vulnerability...