2126 matches found
Privilege escalation
Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disru...
Wade Graphic Design FANTSY Code Issue Vulnerability
Wade Graphic Design FANTSY is a digital art application from Wade Graphic Design. A code issue vulnerability exists in Wade Graphic Design FANTSY v2.1.8, which stems from an insufficient file type filtering vulnerability that can be exploited by an authenticated, remote attacker with normal user...
CVE-2023-28699 WADE DIGITAL DESIGN CO, LTD. FANTSY - Arbitrary File Upload
Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disru...
PT-2023-21914 · Unknown · Wade Graphic Design Fantsy
Name of the Vulnerable Software and Affected Versions: Wade Graphic Design FANTSY (affected versions not specified). Description: The issue is related to insufficient filtering for file type in the file update function. An authenticated remote attacker with general user privilege can exploit this to...
Faculty Evaluation System 1.0 - Unauthenticated File Upload
Exploit Title: Faculty Evaluation System 1.0 - Unauthenticated File Upload Date: 5/29/2023 Author: Alex Gan Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html Software Link:...
CVE-2023-33177
Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the...
CVE-2023-33177 Xibo CMS vulnerable to Remote Code Execution through Zip Slip
Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the...
PT-2023-24193 · Xibo · Xibo
Name of the Vulnerable Software and Affected Versions: Xibo versions prior to 2.3.17; Xibo versions prior to 3.3.5. Description: A path traversal vulnerability exists in the Xibo CMS, allowing a specially crafted zip file to be uploaded via the layout import function by an authenticated user. This...
Best POS Management System v1.0 - Unauthenticated Remote Code Execution Exploit
Exploit Title: Best POS Management System v1.0 - Unauthenticated Remote Code Execution Google Dork: NA Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...
Best POS Management System v1.0 - Unauthenticated Remote Code Execution
Exploit Title: Best POS Management System v1.0 - Unauthenticated Remote Code Execution Google Dork: NA Date: 15/5/2023 Exploit Author: Mesut Cetin Vendor Homepage: https://www.sourcecodester.com/php/16127/best-pos-management-system-php.html Software Link:...
Job Portal 1.0 - File Upload Restriction Bypass
/jobportal/applicant/ 2.- Select profile image and load a valid image. 3. Turn Burp/ZAP Intercept On 4. Select webshell - ex: shell.png 5. Alter request in the upload... Update 'filename' to desired extension. ex: shell.php Not necessary to change content type to 'image/png' Example exploitation...
CVE-2023-30855
Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with th...
Path traversal
Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with th...
CVE-2023-30855
Pimcore Path Traversal (CVE-2023-30855) affects Pimcore versions before 10.5.18, specifically in AdminBundle/Controller/Reports/CustomReportController.php. The vulnerability allows path traversal and arbitrary file creation/append operations; when combined with SQL Injection, it can expose or rea...
CVE-2023-30855 Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php
Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with th...
CVE-2021-28998
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...
Unrestricted file upload
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...