2123 matches found
UCMS suffers from a file upload vulnerability (CNVD-2021-33188)
UCMS is a simple web content management system. A file upload vulnerability exists in UCMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
CVE-2020-35314
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
Remote code execution
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
CVE-2020-35314
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
CVE-2020-35314
WonderCMS 3.1.3 is affected by a remote code execution via installUpdateThemePluginAction in index.php, enabling an attacker to upload a crafted plugin through the theme/plugin installer and execute arbitrary code. Some sources indicate this requires an authenticated session (authenticated RCE) a...
WonderCMS 操作系统命令注入漏洞
WonderCMS is a PHP-based open source content management system CMS. WonderCMS 3.1.3 exists an operating system command injection vulnerability, the vulnerability stems from an operating system command injection vulnerability in the installUpdateThemePluginAction function in index.php, which allow...
Phone Shop Sales Management System 1.0 Shell Upload Exploit
Exploit Title: Phone Shop Sales Management System - Arbitrary File Upload Unauthenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 import requests...
Phone Shop Sales Management System 1.0 Shell Upload
Exploit Title: Phone Shop Sales Management System - Arbitrary File Upload Unauthenticated Date: 20/04/21 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/10882/phone-shop-sales-managements-system.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4...
File Upload Vulnerability in Super cms v2.39 (CNVD-2021-32173)
Super CMS content management system by the SEO Research Center moonseo.cn in order to solve the problem of website optimization and research and development of a set of products, this product adopts an object-oriented approach to independent research and development of the MVC framework...
File Upload Vulnerability in Easy Control World (CNVD-2021-33158)
Easy Control World is an automation monitoring and information management platform created by Beijing Jiushi Yi Automation Software Co. A file upload vulnerability exists in Easy Control World. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in Fish Leap CMS Backend
FishLeap CMS is made up of a content management system that is specifically geared towards enterprise applications. A file upload vulnerability exists in the backend of Fishy CMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in Weilian Technology WiSCADA
WiSCADA industrial configuration software is a 3D industrial configuration software product that supports Windows, Android and IOS cross-platform. A file upload vulnerability exists in Weilian Technology WiSCADA. An attacker can exploit the vulnerability to upload a webshell and gain server...
File Upload Vulnerability in Easy Control World
Easy Control World is an automation monitoring and information management platform created by Beijing Jiushi Yi Automation Software Co. A file upload vulnerability exists in Easy Control World. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
File Upload Vulnerability in Digital Campus Integrated Management System of Anhui Kexun Education Equipment Co.
Anhui Kexun Education Equipment Co., Ltd. is a professional information technology integrated service provider specializing in computer software research and development, sales and service. A file upload vulnerability exists in the Digital Campus Integrated Management System of Anhui Kexun...
Native Church Website 1.0 Shell Upload Exploit
Exploit Title: Native Church Website - Arbitrary File Upload Authenticated Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/11764/native-church-website-phpmysql.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 /usr/bin/python3 import requests impo...
Native Church Website 1.0 Shell Upload
Exploit Title: Native Church Website - Arbitrary File Upload Authenticated Date: 04/21 Exploit Author: Richard Jones Vendor Homepage: https://www.sourcecodester.com/php/11764/native-church-website-phpmysql.html Version: 1.0 Tested on: Windows 10 build 19041 + xampp 3.2.4 /usr/bin/python3 import...
Updates on Microsoft Exchange Server Vulnerabilities
CISA has added two new Malware Analysis Reports MARs to Alert AA21-062A: Mitigate Microsoft Exchange Server Vulnerabilities. MAR-10331466-1.v1: China Chopper Webshell identifies a China Chopper webshell observed in post-compromised Microsoft Exchange Servers. After successfully exploiting a...
File Upload Vulnerability in Disk Enterprise LCMS
Pan Enterprise LCMS is a lightweight PHP development framework . A file upload vulnerability exists in PanEnterprise LCMS. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
Emlog 代码问题漏洞
Emlog is a PHP and MySQL based CMS builder by the individual developer of Emlog. A security vulnerability exists in emlog v6.0.0, which allows users to upload webshell via zip plugin module...
Exploit for Cross-site Scripting in Get-Simple Getsimple_Cms
CVE-2020-23839 | GetSimple CMS v3.3.16 - Reflected XSS to RCE...