
2126 matches found

RedhatCVE
added 2025/12/23 1:18 p.m., 3 views

CVE-2025-67436

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php)...

CVSS 6.5, AI score 7.3, EPSS 0.00505
Exploits: 2, References: 1

EUVD
added 2025/12/23 12:30 a.m., 7 views

EUVD-2025-204758

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php)...

CVSS 6.5, AI score 6.8, EPSS 0.00505
Exploits: 3, References: 3

OSV
added 2025/12/22 10:16 p.m., 7 views

CVE-2025-67436

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php)...

CVSS 6.5, AI score 7
Exploits: 2, References: 2

NVD
added 2025/12/22 10:16 p.m., 6 views

CVE-2025-67436

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php)...

CVSS 6.5, EPSS 0.00505
Exploits: 2, References: 2

UbuntuCve
added 2025/12/22 10:16 p.m., 9 views

CVE-2025-67436

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php)...

CVSS 6.5, AI score 6, EPSS 0.00505
Exploits: 2, References: 3

OSV
added 2025/12/22 10:16 p.m., 2 views

UBUNTU-CVE-2025-67436

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php)...

CVSS 6.5, AI score 5.9, EPSS 0.00505
Exploits: 3, References: 4

Cvelist
added 2025/12/22 12:00 a.m., 27 views

CVE-2025-67436

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php)...

EPSS 0.00505
Exploits: 2, References: 2

CNNVD
added 2025/12/22 12:00 a.m., 5 views

PluXml security vulnerability

PluXml is a free, open-source content management system from PluXml Open Source that does not require a database to work. A security vulnerability exists in PluXml version 5.8.22: an attacker with administrator panel access can inject a malicious PHP webshell into theme...

CVSS 6.5, AI score 7.6, EPSS 0.00505
Exploits: 2, References: 3

Positive Technologies
added 2025/12/22 12:00 a.m., 7 views

PT-2025-52722

Name of the Vulnerable Software and Affected Versions: PluXml CMS version 5.8.22. Description: An authenticated attacker with administrator panel access can execute arbitrary code remotely. This is achieved by injecting a malicious PHP webshell into a theme file, such as home.php. The attack require...

CVSS 6.5, AI score 7.3, EPSS 0.00505
Exploits: 3, References: 6

Vulnrichment
added 2025/12/22 12:00 a.m., 7 views

CVE-2025-67436

Authenticated Remote Code Execution (RCE) in PluXml CMS 5.8.22 allows an attacker with administrator panel access to inject a malicious PHP webshell into a theme file (e.g., home.php)...

AI score 7, EPSS 0.00505
Exploits: 3, References: 2

CVE
added 2025/12/22 12:00 a.m., 14 views

CVE-2025-67436

CVE-2025-67436 affects PluXml CMS 5.8.22. An authenticated administrator can inject a malicious PHP webshell into a theme file (e.g., home.php), enabling remote code execution. The exploit details in related PT-2025-52722 confirm the vulnerability arises from module/theme file handling allowing ar...

CVSS 6.5, AI score 7, EPSS 0.00505
Exploits: 2, References: 2, Affected Software: 1

Veracode
added 2025/12/13 4:43 a.m., 5 views

Remote Code Execution

Mingsoft MCMS is a Java CMS. Versions prior to and including 5.2.5 contain a file upload vulnerability allowing for a jspx webshell to be uploaded via net.mingsoft.basic.action.web.FileActionupload, resulting in remote code execution. It is unclear if this issue has been patched...

CVSS 9.8, AI score 7.4, EPSS 0.03111
Exploits: 1, References: 2, Affected Software: 1

GithubExploit
added 2025/12/11 8:15 p.m., 157 views

Exploit for CVE-2020-1938

Ghostcat Scanner - CVE-2020-1938 A powerful Python exploit to...

CVSS 9.8, AI score 7, EPSS 0.9927
Exploits: 44

CNNVD
added 2025/12/11 12:00 a.m., 2 views

Compuware iStrobe Web code issue vulnerability

Compuware iStrobe Web is a mainframe performance analysis and optimization tool from Compuware Corporation. A code issue vulnerability exists in Compuware iStrobe Web version 20.13, which arises from a path traversal in the file upload form that could result in the upload of a JSP webshell and th...

CVSS 9.2, AI score 7.3, EPSS 0.00721
Exploits: 0, References: 4

EUVD
added 2025/12/10 6:30 p.m., 6 views

EUVD-2025-202447

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...

CVSS 10, AI score 7.7, EPSS 0.22007
Exploits: 1, References: 5

GithubExploit
added 2025/12/10 6:10 p.m., 135 views

Exploit for CVE-2025-57460

CVE-2025-57460 Des: File upload vuln...

AI score 7.4, EPSS 0.00385
Exploits: 1

OSV
added 2025/12/10 4:16 p.m., 4 views

CVE-2025-34392

Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not verify the URL defined in an attacker-controlled WSDL that is later loaded by the application. This can lead to arbitrary file write and remote code execution via webshell upload...

CVSS 9.8, AI score 6.5, EPSS 0.22007
Exploits: 1, References: 4

CVE
added 2025/12/10 3:44 p.m., 17 views

CVE-2025-34392

Barracuda Service Center (as implemented in Barracuda RMM) prior to version 2025.1.1 contains an insufficient WSDL URL validation in attacker-controlled WSDLs, enabling arbitrary file write and remote code execution via webshell uploads. Affected products include Barracuda RMM’s Service Center in...

CVSS 10, AI score 7.9, EPSS 0.22007
Exploits: 1, References: 4, Affected Software: 1

RedhatCVE
added 2025/12/10 8:36 a.m., 3 views

CVE-2025-41694

A low-privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...

CVSS 6.5, AI score 7, EPSS 0.00406
Exploits: 0, References: 1

EUVD
added 2025/12/09 6:30 p.m., 3 views

EUVD-2025-201891

A low-privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the webserver...

CVSS 6.5, AI score 6.5, EPSS 0.00406
Exploits: 0, References: 2