File Upload Vulnerability in Travel Management System in PHP

Travel Management System in PHP is an automated system designed to help customers easily check their parcel details while helping travel companies track packages online. A file upload vulnerability exists in Travel Management System in PHP, which can be exploited by an attacker to upload a webshe...

File Upload Vulnerability in Exam Hall Management System

Exam Hall Management System is a PHP project that automates the process of exam assignment and seating arrangements. A file upload vulnerability exists in Exam Hall Management System, which can be exploited by an attacker to upload a webshell and gain server privileges...

File Upload Vulnerability in Travel Management System in PHP (CNVD-2021-51849)

Travel Management System in PHP is an automated system designed to help customers easily check their parcel details while helping travel companies track packages online. A file upload vulnerability exists in Travel Management System in PHP, which can be exploited by an attacker to upload a webshe...

File upload vulnerability in Exam Hall Management System (CNVD-2021-51846)

Exam Hall Management System is a PHP project that automates the process of exam assignment and seating arrangements. A file upload vulnerability exists in Exam Hall Management System, which can be exploited by an attacker to upload a webshell and gain server privileges...

TextPattern CMS 4.9.0-dev - Remote Command Execution (Authenticated) Exploit

Exploit Title: TextPattern CMS 4.9.0-dev - Remote Command Execution RCE Authenticated Exploit Author: Mevlüt Akçam Software Link: https://github.com/textpattern/textpattern Vendor Homepage: https://textpattern.com/ Version: 4.9.0-dev Tested on: 20.04.1-Ubuntu !/usr/bin/python3 import requests fro...

TextPattern CMS 4.9.0-dev Remote Command Execution

Exploit Title: TextPattern CMS 4.9.0-dev - Remote Command Execution RCE Authenticated Date: 07/04/2021 Exploit Author: Mevlüt Akçam Software Link: https://github.com/textpattern/textpattern Vendor Homepage: https://textpattern.com/ Version: 4.9.0-dev Tested on: 20.04.1-Ubuntu !/usr/bin/python3...

File Upload Vulnerability in UFIDA Nccloud (CNVD-2021-52060)

NC Cloud is a large enterprise digitalization platform launched by UFIDA. A file upload vulnerability exists in UFIDA Nccloud, which can be exploited by an attacker to upload a webshell and gain server privileges...

File Upload Vulnerability in PHPOK of Shenzhen Kunshuo Technology Co., Ltd (CNVD-2021-51871)

PHPOK is a website building content management system to achieve customized open source free website building cms system. Ltd. PHPOK file upload vulnerability, attackers can use the vulnerability to upload webshell, to obtain server privileges...

File Upload Vulnerability in PHPOK of Shenzhen Kunshuo Technology Co., Ltd (CNVD-2021-51870)

PHPOK is a website building content management system to achieve customized open source free website building cms system. Ltd. PHPOK file upload vulnerability, attackers can use the vulnerability to upload webshell, to obtain server privileges...

PHP Webshell Upload Over HTTP

An attacker might upload a webshell backdoor to a PHP server. A successful exploitation might allow the attacker to run arbitrary code, or use the server as a bot for further attacks...

File Upload Vulnerability in Flash Flood Monitoring and Early Warning Distribution System of Siltronic Technology Co.

Siltronic Ltd. is an information service provider for disaster reduction and profitability. An arbitrary file upload vulnerability exists in the Flash Flood Detection and Early Warning Platform of Sicron Technology Limited, which allows an attacker to upload an aspx file to gain access to the...

Exploitation of Accellion File Transfer Appliance

Summary This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,1 New Zealand,2 Singapore,3 the United Kingdom,4 and the United States.56 These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance...

File upload vulnerability in deituiCMS (CNVD-2021-45393)

deituiCMS is a set of open source free website building CMS. A file upload vulnerability exists in deituiCMS. An attacker can exploit the vulnerability to upload webshell and gain server privileges...

SQL Injection Vulnerability in Farmers' Credit Information System of Nanning Desi Technology Co.

Nanning Desi Technology Co., Ltd, business scope includes computer software development and technical services; computer, office equipment sales and maintenance, etc.. A SQL injection vulnerability exists in the Farmer Credit Information System of Nanning Desi Technology Co. An attacker can utili...

OpenEMR 5.0.1.3 - 'manage_site_files' Remote Code Execution (Authenticated)

Exploit Title: OpenEMR 5.0.1.3 - 'managesitefiles' Remote Code Execution Authenticated Date 12.06.2021 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/refs/tags/v5013.zip Version: Prior to 5.0.1.4 Tested on...

WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution (Unauthenticated)

Exploit Title: WordPress Plugin wpDiscuz 7.0.4 - Remote Code Execution Unauthenticated Date: 2021/06/08 Exploit Author: Fellipe Oliveira Vendor Homepage: https://gvectors.com/ Software Link: https://downloads.wordpress.org/plugin/wpdiscuz.7.0.4.zip Version: wpDiscuz 7.0.4 Tested on: Debian9,...

EacooPHP has a file upload vulnerability

EacooPHP is a lightweight WEB product development framework based on ThinkPHP 5.0.21. EacooPHP suffers from a file upload vulnerability. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

File upload vulnerability in disk enterprise LCMS (CNVD-2021-43592)

Pan Enterprise LCMS is a lightweight PHP development framework . A file upload vulnerability exists in PanEnterprise LCMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...

Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload (Unauthenticated)

Exploit Title: Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload Unauthenticated Google Dork: inurl:/wp-content/plugins/wpdiscuz/ Date: 2021-06-06 Original Author: Chloe Chamberland Exploit Author: Juampa Rodríguez aka UnD3sc0n0c1d0 Vendor Homepage: https://gvectors.com/ Software Link:...

Wordpress wpDiscuz 7.0.4 Plugin - Arbitrary File Upload (Unauthenticated) Exploit

Exploit Title: Wordpress Plugin wpDiscuz 7.0.4 - Arbitrary File Upload Unauthenticated Google Dork: inurl:/wp-content/plugins/wpdiscuz/ Original Author: Chloe Chamberland Exploit Author: Juampa Rodríguez aka UnD3sc0n0c1d0 Vendor Homepage: https://gvectors.com/ Software Link:...