Catfish CMS suffers from a file upload vulnerability (CNVD-2021-42363)

Catfish catfish CMS is open source and free PHPCMS web content management system. Catfish CMS has a file upload vulnerability. An attacker can use the vulnerability to upload a webshell and gain server privileges...

WellCMS File Upload Vulnerability

WellCMS is an open source with a billion load, tend to mobile, lightweight, with ultra-fast response ability of high load CMS, is a large amount of data, high concurrency access to the site's best choice of light CMS. has a safe, efficient, stable, ultra-fast speed, super load characteristics. A...

CVE-2020-21005

WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell...

CVE-2020-21005

WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell...

Design/Logic Flaw

WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell...

CVE-2020-21005

WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell...

CVE-2020-21005

WellCMS 2.0 beta3 is vulnerable to a file-upload flaw where the upload file type is controllable in the CMS background, enabling an attacker to modify the file type and potentially obtain a webshell. Root cause: incomplete verification of uploaded file types. Impact: webshell capability is implie...

FDCMS File Containment Vulnerability

FDCMS is a PHP-based content management system of Sichuan Method Digital Technology Co. A file inclusion vulnerability exists in FDCMS version 4.0. An attacker can exploit this vulnerability to obtain a webshell in the background via Front/lib/Action/FindexAction.class.php...

WellCMS 代码问题漏洞

WellCMS is an open source with a billion load, tend to mobile, lightweight, with ultra-fast response ability of high load CMS, is a large amount of data, high concurrency access to the site's best choice of light CMS. has a safe, efficient, stable, ultra-fast speed, super load characteristics. A...

CVE-2020-35442

FDCMS also known as Fangfa Content Management System 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php...

CVE-2020-35442

FDCMS also known as Fangfa Content Management System 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php...

Design/Logic Flaw

FDCMS also known as Fangfa Content Management System 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php...

CVE-2020-35442

FDCMS (Fangfa Content Management System) 4.0 is affected by a file inclusion vulnerability in Front/lib/Action/FindexAction.class.php, allowing remote attackers to obtain a webshell in the background. The issue is described across multiple sources (CNVD/CNNVD) as a PHP-based vulnerability in vers...

CVE-2020-35442

FDCMS also known as Fangfa Content Management System 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php...

Fangfa FDCMS 代码问题漏洞

FDCMS is a PHP-based content management system of Sichuan Method Digital Technology Co. A file inclusion vulnerability exists in FDCMS version 4.0. An attacker can exploit this vulnerability to obtain a webshell in the background via Front/lib/Action/FindexAction.class.php...

File Upload Vulnerability in UFIDA NC Cloud Large Enterprise Digitization Platform

NC Cloud, a large enterprise digitalization platform, deeply applies the new generation of digital technologies to build an open, interconnected, convergent and intelligent integrated cloud platform and other three strategic directions for enterprise digital transformation, and provides 18...

PHP 8.1.0-dev Backdoor Remote Command Execution

!/usr/bin/env python3 Exploit Title: PHP 8.1.0-dev WebShell RCE Unauthenticated Date: 2021-05-31 Exploit Author: Mayank Deshmukh Vendor Homepage: https://www.php.net/ Software Link: https://github.com/vulhub/vulhub/tree/master/php/8.1-backdoor Version: PHP 8.1.0-dev Tested on: Kali GNU/Linux 2020...

slopShell - The Only Php Webshell You Need

php webshell Since I derped, and forgot to talk about usage. Here goes. For this shell to work, you need 2 things, a victim that allows php file uploadyourself, in an educational environment and a way to send http requests to this webshell. Basic Usage VideoHosted on Youtube: Current VT Detection...

Pluck CMS suffers from a file upload vulnerability (CNVD-2021-40249)

Pluck CMS is a PHP-based content management system. Pluck CMS suffers from a file upload vulnerability that can be exploited by an attacker to upload a webshell and gain server privileges...

Cross site scripting

vFairs 3.3 is affected by Insecure Permissions. Any user logged in to a vFairs virtual conference or event can modify any other users profile information or profile picture. After receiving any user's unique identification number and their own, an HTTP POST request can be made update their profil...