Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload

Exploit Title: Patient Appointment Scheduler System 1.0 - Unauthenticated File Upload Date: 03/09/2021 Exploit Author: a-rey Vendor Homepage: https://www.sourcecodester.com/php/14928/patient-appointment-scheduler-system-using-php-free-source-code.html Software Link:...

FlatCore CMS 2.0.7 Remote Code Execution

Exploit Title: FlatCore CMS 2.0.7 - Remote Code Execution RCE Authenticated Date: 04/10/2021 Exploit Author: Mason Soroka-Gill @sgizoid Vendor Homepage: https://flatcore.org/ Software Link: https://github.com/flatCore/flatCore-CMS/archive/refs/tags/v2.0.7.tar.gz Version: 2.0.7 Tested on: Ubuntu...

Exploit for Server-Side Request Forgery in Microsoft

Exchange SSRF GetShell --- RunCommand CVE-2021–26855.exe -host 10.11.11.24 -mail [email protected] --- 效果图 - 写出webshell到服务器 - 使用菜刀连接webshell...

File Upload Vulnerability in Tianmu MVC-HOME Version

Tianmu MVC-HOME Edition is a professional PHP+MYSQL product. A file upload vulnerability exists in Tianmu MVC-HOME Edition, which can be exploited by attackers to upload a webshell and gain server privileges...

CVE-2020-18114

An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format...

CVE-2020-18114

An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format...

Design/Logic Flaw

An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format...

CVE-2020-18114

CVE-2020-18114 affects DedeCMS V5.7SP2, with an arbitrary file upload vulnerability in the /uploads/dede component that allows uploading a webshell in HTM format. This enables remote code execution via a crafted HTM upload, per the description in the CVE entry. Connected sources corroborate the s...

Desdev DedeCMS 代码问题漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing , content management , content editing and content retrieval functions. A security vulnerability exists in th...

NetModule Router Software 日志信息泄露漏洞

NetModule Router Software is a router for NetModule. A security vulnerability exists in NetModule Router Software due to the interface support for an optional "CLI-PHP" feature, which is essentially a PHP webshell that requires The vulnerability stems from the interface supporting an optional...

CVE-2020-28165

The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage function...

CVE-2020-28165

The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage function...

Privilege escalation

The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage function...

CVE-2020-28165

CVE-2020-28165 affects EasyCorp ZenTao PMS 12.4.2 with an arbitrary file upload vulnerability exposed through the downloadZipPackage() function, allowing upload of arbitrary webshells to the server. Connected sources corroborate the vulnerability description; no additional exploit details, affect...

CVE-2020-28165

The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage function...

CVE-2020-21976

An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands...

CVE-2020-21976

An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands...

Design/Logic Flaw

An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands...

CVE-2020-21976

An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands...

CVE-2020-21976

CVE-2020-21976 affects NewsOne CMS v1.1.0 via an arbitrary file upload in the field. Root cause is an unrestricted file upload, enabling attackers to webshell and execute arbitrary commands. CVSSv3.1 base score 8.8 (HIGH) with NETWORK attack vector and LOW access complexity; high impact to confi...