2126 matches found
CVE-2020-19891
DBHcms v1.2.0 has an arbitrary file write vulnerability in dbhcms\mod\mod.editor.php: $_POST['updatefile'] is the filename and $_POST['tinymcecontent'] is the file content, and there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell...
CVE-2020-23591
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OPV3.3.1-191028 allows an attacker to upload arbitrary files through "/mgmdevupgrade.asp" which can "delete every file for Denial of Service using 'rm -rf .' in the code, reverse connection using '.asp' webshell,...
CVE-2020-21005
WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS backend and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get a webshell...
CVE-2020-21976
An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to get a webshell and execute arbitrary commands...
CVE-2020-21585
A vulnerability in emlog v6.0.0 allows a user to upload webshells via the zip plugin module...
CVE-2020-18114
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format...
CVE-2020-19302
An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php"...
CVE-2019-1010062
PluckCMS 4.7.4 and earlier is affected by: CWE-434 Unrestricted Upload of File with Dangerous Type. The impact is: get webshell. The component is: data/inc/images.php line 36. The attack vector is: modify the MIME type on HTTP request to upload a php file. The fixed version is: after commit...
CVE-2019-15813
Multiple file upload restriction bypass vulnerabilities in Sentrifugo 3.2 could allow authenticated users to execute arbitrary code via a webshell...
CVE-2017-1000125
Codiad full version is vulnerable to writing arbitrary content to the configuration file during installation, resulting in the upload of a webshell...
CVE-2018-1000658
LimeSurvey versions prior to 3.14.4 contain a file upload vulnerability in the upload functionality that can result in an attacker gaining code execution via webshell. This attack appears to be exploitable via an authenticated user uploading a zip archive which can contain malicious php files that ca...
WordPress plugin WPAMS code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress plugin Hospital Management System code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on PHP and MySQL servers. WordPress plugin is an...
Vulnerability fixed in Commvault Command Center
Commvault has fixed a vulnerability in Command Center. The vulnerability can be exploited by an unauthenticated remote malicious person to execute arbitrary code. This requires sending a specially crafted HTTP request to the vulnerable application containing a reference to a rogue zip file. The...
Active exploitation of SAP NetWeaver Visual Composer CVE-2025-31324
On Thursday, April 24, enterprise resource planning company SAP published a CVE and a day later, an advisory behind login for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from a missing authorization check in...
CVE-2025-3928
CVE-2025-3928 — Commvault Web Server has an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells on the Web Server component of CommCell environments. Public documents consistently describe the issue as an unspecified vulnerability enabling webshe...
Commvault Web Server security vulnerability
Commvault Web Server is a web server management program from Commvault USA. A security vulnerability exists in Commvault Web Server that allows a remote authenticated attacker to create and execute a webshell...
CVE-2025-3928
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: “Webservers can be compromised through bad actors creating and executing webshells.” Fixed in versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217...
Can LLMs Handle WebShell Detection? Overcoming Detection Challenges with Behavioral Function-Aware Framework
WebShell attacks, in which malicious scripts are injected into web servers, are a major cybersecurity threat. Traditional machine learning and deep learning methods are hampered by issues such as the need for extensive training data, catastrophic forgetting, and poor generalization. Recently, Lar...