Exploit for Improper Handling of Case Sensitivity in Vmware Spring_Framework

spring-rce-poc Testing CVE-2022-22968 Simple app vulnerable...

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388-EXP This is CVE-2022-1388-EXP Author: Caps@B...

Exploit for CVE-2022-28590

CVE-2022-28590 The original discovery and manual PoC is from...

Exploit for Path Traversal in Wso2 Api_Manager

CVE-2022-29464 CVE-2022-29464 POC exploit https://github.com/...

Exploit for Path Traversal in Wso2 Api_Manager

CVE-2022-29464 CVE-2022-29464 POC exploit Usage shell us...

Exploit for Path Traversal in Wso2 Api_Manager

cve-2022-29464 Disclaimer The script is for learning purpos...

Pharmacy Management System 1.0 Shell Upload Vulnerability

Exploit Title: Pharmacy management system - Remote Code Execution RCE Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15281/multi-language-pharmacy-management-system-project-source-code.html Version: 1.0 Tested on:...

WordPress plugin Fancy Product Designer cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin Fancy Product Designer, which...

Pharmacy Management System 1.0 Shell Upload

Exploit Title: Pharmacy management system - Remote Code Execution RCE Date: 19/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15281/multi-language-pharmacy-management-system-project-source-code.html Version:...

CVE-2021-4096

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...

CVE-2021-4096

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...

Cross site request forgery (csrf)

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...

CVE-2021-4096 Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...

CVE-2021-4096

CVE-2021-4096 affects the WordPress plugin Fancy Product Designer (versions up to and including 4.7.5). The vulnerability is a Cross-Site Request Forgery via the FPD_Admin_Import class that enables attackers to upload malicious files, potentially gaining webshell access to the server. Non-exploit...

WordPress plugin Fancy Product Designer跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin Fancy Product Designer, which...

Fancy Product Designer < 4.7.6 - Arbitrary File Upload via CSRF

The plugin is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server via a CSRF attack...

Apache Superset SQL注入漏洞

A SQL injection vulnerability exists in Apache Superse, a modern, industrial-grade Web application for Business Intelligence. An attacker can use this vulnerability to execute arbitrary SQL statements such as querying data, downloading data, writing to a webshell, executing system commands, and...

CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution Vulnerabilities

Title: CSZCMS V1.3.0 - SSRF To LFI To Rce Author: Hejap Zairy Vendor: https://sourceforge.net/projects/cszcms/files/install/ Software: https://liquidtelecom.dl.sourceforge.net/project/cszcms/install/CSZCMS-V1.3.0.zip Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache 1 -...

CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution

Title: CSZCMS V1.3.0 - SSRF To LFI To Rce Author: Hejap Zairy Date: 07.04.2022 Vendor: https://sourceforge.net/projects/cszcms/files/install/ Software: https://liquidtelecom.dl.sourceforge.net/project/cszcms/install/CSZCMS-V1.3.0.zip Reference: https://github.com/Matrix07ksa Tested on: Windows,...

CVE-2022-28062

Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code...