GreenCMS 2.3.0603 - Cross-Site Request Forgery Remote Code Execution
Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability get webshell Date: 2018-06-02 Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.06...
GreenCMS 2.3.0603 Cross Site Request Forgery
Exploit 1 of 2: Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability get webshell Date: 2018-06-02 Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE : CVE-2018-11670 An issue was discovered in...
MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass Vulnerabilities
Exploit for php platform in category web applications Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google...
MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass
Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google dork examples: ---------------------- "machform"...
Arbitrary File Upload Vulnerability in Monxin Netcom Mall System v4.0
Monxin all-network mall system is a mall management system based on PC mall + cell phone mall + WeChat mall + offline cashier, with members, orders, commodities and inventory synchronized in real time, online and offline, across the network. In Monxin v4.0 there are arbitrary file upload...
Monstra CMS 3.0.4 Remote Code Execution
Exploit Title: Monstra CMS 3.0.4 Upload Plugin Remote code execution CVE-2018-9037 Date: 2018-05-14 Exploit Author: Jameel Nabbo Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: MAC OSX CVE :CVE-2018-9037 Monst...
Code Execution Vulnerability in Microcms (viicms) v1.0
VIICMS is a third-party platform that specializes in providing marketing and promotion services for WeChat public accounts. A code execution vulnerability exists in micro cms viicms v1.0. The vulnerability stems from the program failing to effectively filter the parameter array when changing the...
Monstra CMS 3.0.4 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: Monstra CMS 3.0.4 Upload Plugin Remote code execution CVE-2018-9037 Exploit Author: Jameel Nabbo Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested...
Code Execution Vulnerability in Micro Window CMS (Vwins) v3.0
Micro Window CMS Vwins is a free and open source microsoft public and paypal service window management platform system. A code execution vulnerability exists in version v3.0 of Vwins CMS Vwins. The vulnerability stems from improper filtering of incoming parameters when modifying the configuration...
UCMS 1.4.5 File Upload Vulnerability
UCMS is a simple open source content management system. A file upload vulnerability exists in UCMS 1.4.5. An attacker can exploit the vulnerability to directly upload a script Trojan file to obtain a webshell...
WordPress has an arbitrary file upload vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. WordPress has an arbitrary file upload vulnerability. The vulnerability arises because the system does not filter the content of t...
Arbitrary file editing vulnerability in niubicms v1.8
Cow CMS is a free version of a local portal PHP source code system. It includes news, real estate, talent, automotive, local business station three-level domain name station, merchant business cards and other functions. niubicms v1.8 has an arbitrary file editing vulnerabilit...
Renaming Vulnerability in DedeCMS v5.7 SP2 Version
Shanghai Zhuozhuo Network Technology Co., Ltd. (Desdev Inc.) is a professional web content management solutions provider; its product, Dream Content Management System (DedeCms), is one of the most used CMS in China. A renaming vulnerability exists in DedeCMS V5.7 SP2, which allows an attacker to obta...
Code execution vulnerability in ThinkerCMS v1.4 version
ThinkerCMS is a content management system built on thinkphp3.2; it is compact and refined and supports rapid secondary development. A code execution vulnerability exists in ThinkerCMS v1.4, as the program does not filter webpage Trojan features, attacker...
Arbitrary file copying vulnerability in CoverCMS v1.1.7
Shanghai Raging Wolf Network Technology Co., Ltd. focuses on the development of mobile Internet, enterprise websites and e-commerce websites. CoverCMS v1.1.7 has an arbitrary file copying vulnerability: in the product, the file name to be copied and the file name to be saved are...
Arbitrary File Write Vulnerability in CoverCMS v1.1.7
Shanghai Raging Wolf Network Technology Co., Ltd. focuses on the development of mobile Internet, enterprise websites and e-commerce websites. An arbitrary file write vulnerability exists in CoverCMS v1.1.7 because the product does not filter the file name and content of the file to be written,...
Arbitrary File Editing Vulnerability in CoverCMS v1.1.7
Shanghai Raging Wolf Network Technology Co., Ltd. focuses on the development of mobile Internet, enterprise websites and e-commerce websites. CoverCMS v1.1.7 has an arbitrary file editing vulnerability: in the product, the name of the file to edit and the file content to write...
Cloudcms v1.5.9.0 File Upload Vulnerability
Cloudcms is a backend content management system for enterprise websites. There is a file upload vulnerability in cloudcms v1.5.9.0, which allows attackers to obtain a webshell by uploading a php file...
Arbitrary File Write Vulnerability in phpComasy CMS System
phpComasy CMS is a foreign open source content management system that is simple, fast and scalable, making it an ideal system for small and medium-sized websites. phpComasy CMS system suffers from an arbitrary file write vulnerability. An attacker can exploit the vulnerability to write a malicious file a...
AXIS M1033-W Code Execution Vulnerability
AXIS M1033-W is a network camera product from Axis Sweden. A code execution vulnerability exists in the AXIS M1033-W version 5.40.5.1, which originates from an uploaded web page that fails to verify the file type. A remote attacker can exploit this vulnerability to upload a webshell and execute...