WordPress plugin Ultra Demo Importer 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

Exploit for CVE-2025-2249

🔐 WordPress SoJ SoundSlides Plugin ⚠️ DISCLAIMER: This ex...

Exploit for Out-of-bounds Write in Gibbonedu Gibbon

CVE-2023-45878-POC CVE-2023-45878 poc for gibbon LMS on xampp...

UniRide Vehicle Booking Management System 1.0 Shell Upload

UniRide Vehicle Booking Management System version 1.0 suffers from a remote shell upload vulnerability. ============================================================================================================================================= | Title : UniRide Vehicle Booking Management System...

CVE-2025-27140

WeGIA is a Web manager for charitable institutions. An OS Command Injection vulnerability was discovered in versions prior to 3.2.15 of the WeGIA application, importardump.php endpoint. This vulnerability could allow an attacker to execute arbitrary code remotely. The command is basically a comma...

WeGIA 访问控制错误漏洞

WeGIA is a web manager for welfare organizations by Nilson Lazarin Individual Developer. An access control error vulnerability exists in WeGIA versions prior to 3.2.15. An attacker exploiting this vulnerability could execute arbitrary code, including uploading a webshell...

CVE-2021-4096

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...

CVE-2024-56249

Unrestricted Upload of File with Dangerous Type vulnerability in Ludwig You WPMasterToolKit wpmastertoolkit allows Upload a Web Shell to a Web Server.This issue affects WPMasterToolKit: from n/a through = 1.13.1...

CVE-2024-11680

ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

Exploiting CVE-2024-27198-RCE Vulnerability In this project, I...

WordPress plugin WR Price List Manager For Woocommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists in t...

CVE-2025-21624

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

CVE-2025-21624 ClipBucket V5 Playlist Cover File Upload to Remote Code Execution

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

EUVD-2025-2576

ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script...

PT-2025-4308

Name of the Vulnerable Software and Affected Versions ClipBucket V5 versions prior to 5.5.1 - 239 Description A file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an...

ClipBucket 代码问题漏洞

ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A security vulnerability exists in ClipBucket V5 5.5.1 - 238 and prior versions, which stems from an incorrect check in the file upload functionality that could allow a...

Chamilo v1.11.24 Unrestricted File Upload PHP Webshell

Chamilo LMS is a free software e-learning and content management system. In versions prior to use exploit/linux/http/chamilobiguploadwebshell msf exploitchamilobiguploadwebshell show targets ...targets... msf exploitchamilobiguploadwebshell set TARGET msf exploitchamilobiguploadwebshell show...

TRCore DVC File Upload Vulnerability (CNVD-2024-46435)

TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a file upload vulnerability that can be exploited by an attacker to upload arbitrary files to any directory and achieve arbitrary code execution by uploading a webshell...

TRCore DVC File Upload Vulnerability (CNVD-2024-46433)

TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a file upload vulnerability that can be exploited by an attacker to upload arbitrary files to any directory and achieve arbitrary code execution by uploading a webshell...

TRCore DVC File Upload Vulnerability (CNVD-2024-46432)

TRCore DVC is a file insurance system from TRCore China. TRCore DVC suffers from a file upload vulnerability that can be exploited by an attacker to upload arbitrary files to any directory and achieve arbitrary code execution by uploading a webshell...