SeaCMS 安全漏洞

seacms Ocean Video Management System is a video-on-demand system designed for webmasters with different needs. seacms V11.5 has an arbitrary code execution vulnerability, which can be exploited by attackers to write malicious files to the site and execute commands...

Cab Management System 1.0 - Remote Code Execution (Authenticated) Vulnerability

Exploit Title: Cab Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Alperen Ergel Contact: @alpernae IG/TW Software Homepage: https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html Version : 1.0 Tested on: windows 10 xammp | Kali...

WPCargo < 6.9.0 - Unauthenticated RCE

The plugin contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE import sys import binascii import requests This is a magic string that when treated as pixels and compressed using the png algorithm, will cause to be written to t...

Exploit for Code Injection in Digitaldruid Hoteldruid

CVE-2022-22909 Description A Code Injection vulnerability h...

Path Traversal in prasathmani/tinyfilemanager

Description A Path Traversal vulnerability exists in Tiny File Manager, which allows the upload of files to an arbitrary location in the server. This flaw derives from the way that the file upload/creation is handled when a file with the same name already exists in the target directory. Affected...

Home Owners Collection Management System 1.0 Shell Upload

Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution RCE Authenticated Date: 9/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Home Owners Collection Management System 1.0 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution RCE Authenticated Date: 9/02/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

Home Owners Collection Management System 1.0 - Remote Code Execution Vulnerability

Exploit Title: Home Owners Collection Management System 1.0 - Remote Code Execution RCE Authenticated Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

GHSA-CWX9-RP4W-4545 Mingsoft MCMS vulnerable to Remote Code Execution via file upload.

Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileActionupload, resulting in remote code execution. It is unclear if this issue has been patched...

CVE-2021-46386

File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileActionupload...

Unrestricted file upload

File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileActionupload...

PT-2022-12683 · Mingsoft · Mingsoft Mcms

Name of the Vulnerable Software and Affected Versions: mingSoft MCMS versions prior to and including 5.2.5 Description: The issue allows remote attackers to execute arbitrary code via a crafted jspx webshell. The component affected is net.mingsoft.basic.action.web.FileActionupload, and the attack...

CVE-2021-46386

Mingsoft MCMS

CVE-2021-46386

File upload vulnerability in mingSoft MCMS through 5.2.5, allows remote attackers to execute arbitrary code via a crafted jspx webshell to net.mingsoft.basic.action.web.FileActionupload...

WordPress AccessPress Themes Webshell Upload (CVE-2021-24867)

An attacker might upload a webshell backdoor to WordPress AccessPress Themes. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

CVE-2021-46013

An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "" gets uploaded it is saved into /uploads/examquestion/...

CVE-2021-46013

An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "" gets uploaded it is saved into /uploads/examquestion/...

CVE-2021-46013

An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "" gets uploaded it is saved into /uploads/examquestion/...

Unrestricted file upload

An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "" gets uploaded it is saved into /uploads/examquestion/...

CVE-2021-46013

An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "" gets uploaded it is saved into /uploads/examquestion/...