XiboCMS 3.3.4 Traversal / Code Execution
XiboCMS version 3.3.4 zip slip exploit that leverages path traversal and arbitrary file upload vulnerabilities to achieve code execution. Exploit Title: XiboCMS 3.3.4 - Remote Code Execution Google Dork: N/A Date: 2025-11-18 Exploit Author: complexusprada Vendor Homepage: https://xibo.org.uk/...
XiboCMS 3.3.4 - RCE
Exploit Title: XiboCMS 3.3.4 - Remote Code Execution Google Dork: N/A Date: 2025-11-18 Exploit Author: complexusprada Vendor Homepage: https://xibo.org.uk/ Software Link: https://github.com/xibosignage/xibo-cms Version: 1.8.0 - 2.3.16, 3.0.0 - 3.3.4 Tested on: Ubuntu Linux Docker, Xibo CMS 3.3.4...
PT-2026-30693
Name of the Vulnerable Software and Affected Versions: Ninja Forms - File Uploads versions prior to 3.3.27. Description: An issue in the Ninja Forms - File Uploads plugin allows unauthenticated attackers to upload arbitrary files, including PHP backdoors, which can lead to remote code execution and...
CVE-2026-34607
Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing Z...
Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments
In this article: 1. Cookie-controlled execution behavior 2. Observed variants of cookie-controlled PHP web shells 3. Mitigation and protection guidance 4. Microsoft Defender XDR detections 5. Microsoft Security Copilot prompts 6. Microsoft Defender XDR threat analytics 7. MITRE ATT&CK™ Techniques...
GHSA-C5C6-37VQ-PJCQ baserCMS Path Traversal Leads to Arbitrary File Write and RCE via Theme File API
Summary A path traversal vulnerability exists in the baserCMS 5.x theme file management API /baser/api/admin/bc-theme-file/themefiles/add.json that allows arbitrary file write. An authenticated administrator can include ../ sequences in the path parameter to create a PHP file in an arbitrary...
Bludit CMS Shell Upload
Bludit CMS versions prior to 3.18.4 have an unrestricted API file upload vulnerability that allows for remote code execution. Exploit Title: Bludit CMS. The uploadFile function performs no file extension or content validation, allowing upload of PHP webshells that execute as www-data. The API...
Exploit for XML Injection (aka Blind XPath Injection) in Fonttools
CVE-2025-66034 — fontTools varLib Arbitrary File Write → RCE...
Generic HTTP Command Execution
This module interacts with existing command execution functionality on a target system, where user-supplied input is directly passed to system execution functions via a HTTP request. This could be from an existing vulnerability, or uploaded webshells such as: It is likely that HTTP evasion option...
WordPress plugin Photo Engine Code Issue Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-27774
Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.3.4. Description: The EspoCRM software contains a flaw due to the formula engine operating outside the field-level restriction layer, allowing writable access to fields marked as read-only, such as Attachment.sourceId...
CVE-2026-33507 AVideo Affected by CSRF on Plugin Import Endpoint Enables Unauthenticated Remote Code Execution via Malicious Plugin Upload
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginImport.json.php endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protection. Combined with the application explicitly setting...
PT-2026-26790
Summary: The objects/pluginImport.json.php endpoint allows admin users to upload and install plugin ZIP files containing executable PHP code, but lacks any CSRF protection. Combined with the application explicitly setting session.cookie_samesite = 'None' for HTTPS connections, an unauthenticated...
CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with the Teacher role to achieve Remote Code Execution (RCE). The H5P package validation only checks if h5p.json exists but doesn't block...
EUVD-2026-12496
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with the Teacher role to achieve Remote Code Execution (RCE). The H5P package validation only checks if h5p.json exists but doesn't block...
CVE-2026-30875
Chamilo LMS (prior to v1.11.36) exposes an authenticated RCE via H5P Import. An attacker with Teacher role can upload a crafted H5P package that bypasses validation (H5P package validation only checks for h5p.json and does not block .htaccess or PHP files with alternate extensions), enabling exec...
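Two failure modes recur across the entries above: extracting an archive without sanitizing entry names (the Emlog emUnZip / XiboCMS zip slip pattern) and accepting a package whose only validation is the presence of a manifest (the Chamilo H5P import, which lets .htaccess and alternate-extension PHP files through). The following is an added example, not code from any of the listed projects, showing one audit routine that covers both checks before anything is written to disk. It is written in Python with the standard zipfile module rather than PHP's ZipArchive; the blocked-extension and blocked-filename lists, the build_zip helper, and the sample archives are constructed for this example and are not taken from any advisory.

```python
import io
import os
import posixpath
import zipfile

# Constructed lists for this example. A real deployment should derive them
# from the web server's handler configuration (which suffixes it executes,
# which per-directory files it honours), not from a fixed list.
BLOCKED_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".php7",
                      ".phtml", ".phar", ".phps", ".pht", ".inc"}
BLOCKED_NAMES = {".htaccess", ".user.ini", "web.config"}


def entry_is_traversal(name: str) -> bool:
    """True if a ZIP entry name would land outside the extraction directory."""
    name = name.replace("\\", "/")          # some extractors treat '\' as a separator
    first = name.split("/")[0]
    if name.startswith("/") or ":" in first:  # absolute path or Windows drive letter
        return True
    norm = posixpath.normpath(name)          # collapses 'a/../../x' to '../x'
    return norm == ".." or norm.startswith("../")


def entry_is_executable(name: str) -> bool:
    """True if the server may execute the file or read it as configuration."""
    base = posixpath.basename(name.replace("\\", "/")).lower()
    if base in BLOCKED_NAMES:
        return True
    # Check every suffix, so 'shell.php.jpg' style double extensions are caught.
    parts = base.split(".")
    return any("." + p in BLOCKED_EXTENSIONS for p in parts[1:])


def audit_package(data: bytes, required=("h5p.json",)) -> list:
    """Return (entry, reason) findings for an archive; an empty list means it passed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        for req in required:
            if req not in names:
                findings.append((req, "required manifest missing"))
        for info in zf.infolist():
            n = info.filename
            if entry_is_traversal(n):
                findings.append((n, "path traversal"))
            if entry_is_executable(n):
                findings.append((n, "server-executable or config file"))
    return findings


def safe_extract(data: bytes, dest: str, required=("h5p.json",)) -> list:
    """Audit, then extract with a second, OS-level containment check per entry."""
    findings = audit_package(data, required)
    if findings:
        raise ValueError(f"rejected archive: {findings}")
    dest_real = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            # Defence in depth: re-check after symlink resolution in dest.
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError(f"entry escapes destination: {info.filename}")
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def build_zip(entries: dict) -> bytes:
    """Build an in-memory archive; entry names are stored exactly as given."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a clean H5P-style package and a malicious one.
    clean = build_zip({"h5p.json": "{}", "content/a.txt": "hello"})
    evil = build_zip({"h5p.json": "{}",
                      "../../../var/www/html/s.php": "<?php system($_GET['c']); ?>",
                      "content/.htaccess": "AddType application/x-httpd-php .jpg",
                      "content/img.php.jpg": "<?php ?>"})
    print("clean:", audit_package(clean))
    print("evil :", audit_package(evil))
```

The audit runs on entry names only, so it is cheap enough to apply to every upload before extraction; safe_extract keeps the realpath check as well because a manifest-only or name-only check is exactly what the Chamilo and Emlog entries show being bypassed.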