2118 matches found

0day.today
added 2023/05/23 12:00 a.m. · 223 views

Best POS Management System v1.0 - Unauthenticated Remote Code Execution Exploit

Exploit Title: Best POS Management System v1.0 - Unauthenticated Remote Code Execution Google Dork: NA Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/05/23 12:00 a.m. · 231 views

Best POS Management System v1.0 - Unauthenticated Remote Code Execution

Exploit Title: Best POS Management System v1.0 - Unauthenticated Remote Code Execution Google Dork: NA Date: 15/5/2023 Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...

7.4 AI score
Exploits: 0

Exploit DB
added 2023/05/13 12:00 a.m. · 417 views

Job Portal 1.0 - File Upload Restriction Bypass

/jobportal/applicant/ 2.- Select profile image and load a valid image. 3. Turn Burp/ZAP Intercept On 4. Select webshell - ex: shell.png 5. Alter request in the upload... Update 'filename' to desired extension. ex: shell.php Not necessary change content type to 'image/png' Example exploitation...

7.4 AI score
Exploits: 0

NVD
added 2023/05/08 6:15 p.m. · 13 views

CVE-2023-30855

Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with th...

7.5 CVSS · 7.2 AI score · 0.00006 EPSS
Exploits: 0 · References: 3

Prion
added 2023/05/08 6:15 p.m. · 13 views

Path traversal

Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with th...

5 CVSS · 8 AI score · 0.00006 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/05/08 5:59 p.m. · 9 views

CVE-2023-30855 Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php

Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with th...

6.5 CVSS · 8 AI score · 0.00006 EPSS
Exploits: 0 · References: 3

CVE
added 2023/05/08 5:59 p.m. · 95 views

CVE-2023-30855

Pimcore Path Traversal (CVE-2023-30855) affects Pimcore versions before 10.5.18, specifically in AdminBundle/Controller/Reports/CustomReportController.php. The vulnerability allows path traversal and arbitrary file creation/append operations; when combined with SQL Injection, it can expose or rea...

7.5 CVSS · 7.4 AI score · 0.00006 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2023/05/08 5:59 p.m. · 16 views

CVE-2023-30855 Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php

Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with th...

6.5 CVSS · 8.2 AI score · 0.00006 EPSS
Exploits: 0 · References: 3

OSV
added 2023/05/08 5:59 p.m. · 18 views

CVE-2023-30855 Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php

Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with th...

6.5 CVSS · 8.1 AI score · 0.00006 EPSS
Exploits: 0 · References: 5

OSV
added 2023/05/08 2:15 p.m. · 1 view

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

7.2 CVSS · 5.8 AI score
Exploits: 0 · References: 2

NVD
added 2023/05/08 2:15 p.m. · 10 views

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

7.2 CVSS · 6.8 AI score · 0.00837 EPSS
Exploits: 1 · References: 2

Prion
added 2023/05/08 2:15 p.m. · 14 views

Unrestricted file upload

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

5.8 CVSS · 6.7 AI score · 0.00837 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2023/05/08 12:00 a.m. · 11 views

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

7 AI score · 0.00837 EPSS
Exploits: 1 · References: 2

CVE
added 2023/05/08 12:00 a.m. · 37 views

CVE-2021-28998

CMS Made Simple is affected by a file upload vulnerability up to version 2.2.15 that allows remote authenticated attackers to gain a webshell via a crafted phar file. The issue is a file upload flaw in the CMSMS component/functionality (no explicit code path provided here beyond the phar-based up...

7.2 CVSS · 6.7 AI score · 0.00837 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/05/08 12:00 a.m. · 4 views

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

6.8 AI score · 0.00837 EPSS
Exploits: 1 · References: 2

CNNVD
added 2023/05/08 12:00 a.m. · 2 views

CMS Made Simple Code Issue Vulnerability

CMS Made Simple (CMSMS) is an open source content management system (CMS) by the CMSMS team. The system supports role-based permission management, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple version...

7.2 CVSS · 7 AI score · 0.00837 EPSS
Exploits: 1 · References: 3

Positive Technologies
added 2023/05/08 12:00 a.m. · 2 views

PT-2023-12130 · Unknown · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMS Made Simple versions through 2.2.15 Description: The issue allows remote authenticated attackers to gain a webshell via a crafted phar file. This is achieved through a file upload vulnerability. Recommendations: For versions through 2.2.1...

7.2 CVSS · 7.2 AI score · 0.00837 EPSS
Exploits: 1 · References: 6

0day.today
added 2023/05/05 12:00 a.m. · 240 views

Online Pizza Ordering System v1.0 - Unauthenticated File Upload Exploit

Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload Exploit Author: URGAN Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Software Link:...

9.8 CVSS · 9.7 AI score · 0.05897 EPSS
Exploits: 4

Packet Storm
added 2023/05/05 12:00 a.m. · 288 views

Online Pizza Ordering System 1.0 Shell Upload

Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload Date: 03/05/2023 Exploit Author: URGAN Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Software Link:...

9.8 CVSS · 7.1 AI score · 0.05897 EPSS
Exploits: 4

Exploit DB
added 2023/05/05 12:00 a.m. · 397 views

Online Pizza Ordering System v1.0 - Unauthenticated File Upload

Exploit Title: Online Pizza Ordering System 1.0 - Unauthenticated File Upload Date: 03/05/2023 Exploit Author: URGAN Vendor Homepage: https://www.sourcecodester.com/php/16166/online-pizza-ordering-system-php-free-source-code.html Software Link:...

9.8 CVSS · 9.6 AI score · 0.05897 EPSS
Exploits: 4