CVE-2019-15813

Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell...

CVE-2017-1000125

Codiadfull version is vulnerable to write anything to configure file in the installation resulting upload a webshell...

CVE-2018-1000658

LimeSurvey version prior to 3.14.4 contains a file upload vulnerability in upload functionality that can result in an attacker gaining code execution via webshell. This attack appear to be exploitable via an authenticated user uploading a zip archive which can contains malicious php files that ca...

WordPress plugin WPAMS 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

WordPress plugin Hospital Management System 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers.WordPress plugin is an...

WordPress plugin WPAMS 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

Vulnerability fixed in Commvault Command Center

Commvault has fixed a vulnerability in Command Center. The vulnerability can be exploited by an unauthenticated remote malicious person to execute arbitrary code. This requires sending a specially crafted http request to the vulnerable application containing a reference to a rogue zip file. The...

Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324

On Thursday, April 24, enterprise resource planning company SAP published a CVE and a day later, an advisory behind login for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in...

CVE-2025-3928

CVE-2025-3928 — Commvault Web Server has an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells on the Web Server component of CommCell environments. Public documents consistently describe the issue as an unspecified vulnerability enabling webshe...

CVE-2025-3928

Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: “Webservers can be compromised through bad actors creating and executing webshells.” Fixed in version 11.36.46, 11.32.89, 11.28.141, and 11.20.217...

Commvault Web Server 安全漏洞

Commvault Web Server is a web server management program from Commvault USA. A security vulnerability exists in Commvault Web Server that originates from a remote authenticated attacker who could create and execute a webshell...

Can LLMs Handle WebShell Detection? Overcoming Detection Challenges with Behavioral Function-Aware Framework

WebShell attacks, in which malicious scripts are injected into web servers, are a major cybersecurity threat. Traditional machine learning and deep learning methods are hampered by issues such as the need for extensive training data, catastrophic forgetting, and poor generalization. Recently, Lar...

WordPress plugin Ultra Demo Importer 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

Exploit for CVE-2025-2249

🔐 WordPress SoJ SoundSlides Plugin ⚠️ DISCLAIMER: This ex...

Exploit for Out-of-bounds Write in Gibbonedu Gibbon

CVE-2023-45878-POC CVE-2023-45878 poc for gibbon LMS on xampp...

UniRide Vehicle Booking Management System 1.0 Shell Upload

UniRide Vehicle Booking Management System version 1.0 suffers from a remote shell upload vulnerability. ============================================================================================================================================= | Title : UniRide Vehicle Booking Management System...

CVE-2025-27140

WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, importardump.php endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a comma...

WeGIA 访问控制错误漏洞

WeGIA is a web manager for welfare organizations by Nilson Lazarin Individual Developer. An access control error vulnerability exists in WeGIA versions prior to 3.2.15. An attacker exploiting this vulnerability could execute arbitrary code, including uploading a webshell...

CVE-2021-4096

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...

CVE-2024-56249

Unrestricted Upload of File with Dangerous Type vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Upload a Web Shell to a Web Server.This issue affects WPMasterToolKit: from n/a through = 1.13.1...