2123 matches found
CVE-2022-40471
Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php...
PT-2022-25396
Name of the Vulnerable Software and Affected Versions Clinic's Patient Management System version 1.0 Description The issue allows an attacker to upload an arbitrary PHP webshell via the profile picture upload functionality in users.php. This enables remote code execution. Recommendations For...
Clinic's Patient Management System Code Issue Vulnerability
Clinic's Patient Management System is a patient management system for Carlo Montero's clinic. A security vulnerability exists in Clinic's Patient Management System v 1.0 that could allow an attacker to upload an arbitrary php webshell via the profile picture upload function in users.php...
CVE-2022-40471
CVE-2022-40471 affects Clinic's Patient Management System v1.0. The flaw is an unrestricted file upload in the profile image handling (users.php) that allows uploading PHP web shells, enabling remote command execution. Connected documents provide exploit modules demonstrating RCE via the profile-...
Exploit for Missing Authentication for Critical Function in Terra-Master Terramaster_Operating_System
terraMaster-CVE-2022-24990 Tool Introduction A quick-use...
pfSense pfBlockerNG 2.1.4_26 Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSense plugin pfBlockerNG unauthenticated RCE as root', 'Description' = %q pfBlockerNG is a popular pfSense plugin that is not installed by...
Exploit for Unrestricted Upload of File with Dangerous Type in Oretnom23 Clinic'S_Patient_Management_System
CVE-2022-40471 Remote code execution via unrestricted file up...
Exploit for Path Traversal in Vmware Cloud_Foundation
! vckillerhttps://socialify.git.ci/Schira4396/VcenterKiller/i...
DeftTorero: tactics, techniques and procedures of intrusions revealed
Earlier this year, we started hunting for possible new DeftTorero aka Lebanese Cedar, Volatile Cedar artifacts. This threat actor is believed to originate from the Middle East and was publicly disclosed to the cybersecurity community as early as 2015. Notably, no other intelligence was shared unt...
BoxBilling <=4.22.1.5 - Authenticated Unrestricted File Upload - RCE
Description BoxBilling was vulnerable to Unrestricted File Upload. In order to exploit the vulnerability, an attacker must have a valid authenticated session as admin on the CMS. With at least 1 order of product an attacker can upload malicious file to hidden API endpoint that contain a webshell...
Exploit for OS Command Injection in Netgate Pfblockerng
SenselessViolence CVE-2022-31814 pfSense pfBlockerNG = 2.1.4...
AeroCMS Code Issue Vulnerability
AeroCMS is a content management system from AeroCMS Inc. in the United States. A security vulnerability exists in AeroCMS version v0.0.1. An attacker exploited the vulnerability to upload a webshell and take control of the web server...
Academy Learning Management System 5.7 Shell Upload
Exploit Title: Academy Learning Management System 5.7 Shell Upload Exploit Author: th3d1gger Vendor Homepage: https://codecanyon.net Software Link: https://codecanyon.net/item/academy-course-based-learning-management-system/22703468 Version: 5.7 Tested on Ubuntu 18.04 Totally wrong architecture f...
Library Management System With QR Code 1.0 Shell Upload
Title: Library Management System with QR code AttendanceFile Upload RCE Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184 Date: 27.06.2022 Vendor: https://www.sourcecodester.com/users/kingbhob02 Software:...
Library Management System With QR Code 1.0 Shell Upload Vulnerability
Title: Library Management System with QR code AttendanceFile Upload RCE Author: Ashish Kumar https://www.linkedin.com/in/ashish-kumar-0b65a3184 Vendor: https://www.sourcecodester.com/users/kingbhob02 Software:...
MAL-2022-3382 Malicious code in gitrepandwebshell (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1e18cb98a2102f4f0f935b117ae48c3fd63742e1a4eeacef38db5a76ae71f2c1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2021-41661
Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell...
Exploit for Injection in Thedaylightstudio Fuel_Cms
CVE-2018-16763 - FuelCMS Exploit to trigger RCE for CVE-2...