CVE-2021-41661

Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell...

CVE-2021-41661

Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell...

Exploit for Injection in Thedaylightstudio Fuel_Cms

CVE-2018-16763 - FuelCMS Exploit to trigger RCE for CVE-2...

Exploit for Improper Handling of Case Sensitivity in Vmware Spring_Framework

spring-rce-poc Testing CVE-2022-22968 Simple app vulnerable...

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

CVE-2022-1388-EXP This is CVE-2022-1388-EXP Author: Caps@B...

Exploit for CVE-2022-28590

CVE-2022-28590 The original discovery and manual PoC is from...

Exploit for Path Traversal in Wso2 Api_Manager

CVE-2022-29464 CVE-2022-29464 POC exploit https://github.com/...

Exploit for Path Traversal in Wso2 Api_Manager

CVE-2022-29464 CVE-2022-29464 POC exploit Usage shell us...

Exploit for Path Traversal in Wso2 Api_Manager

cve-2022-29464 Disclaimer The script is for learning purpos...

Pharmacy Management System 1.0 Shell Upload Vulnerability

Exploit Title: Pharmacy management system - Remote Code Execution RCE Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15281/multi-language-pharmacy-management-system-project-source-code.html Version: 1.0 Tested on:...

WordPress plugin Fancy Product Designer cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin Fancy Product Designer, which...

Pharmacy Management System 1.0 Shell Upload

Exploit Title: Pharmacy management system - Remote Code Execution RCE Date: 19/04/2022 Exploit Author: Saud Alenazi Vendor Homepage: https://www.sourcecodester.com/ Software Link: https://www.sourcecodester.com/php/15281/multi-language-pharmacy-management-system-project-source-code.html Version:...

CVE-2021-4096

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...

CVE-2021-4096

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...

Cross site request forgery (csrf)

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...

CVE-2021-4096 Fancy Product Designer <= 4.7.5 - Cross-Site Request Forgery to Arbitrary File Upload

The Fancy Product Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server in versions up to, and including, 4.7.5...

CVE-2021-4096

CVE-2021-4096 affects the WordPress plugin Fancy Product Designer (versions up to and including 4.7.5). The vulnerability is a Cross-Site Request Forgery via the FPD_Admin_Import class that enables attackers to upload malicious files, potentially gaining webshell access to the server. Non-exploit...

WordPress plugin Fancy Product Designer跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress plugin Fancy Product Designer, which...

Fancy Product Designer < 4.7.6 - Arbitrary File Upload via CSRF

The plugin is vulnerable to Cross-Site Request Forgery via the FPDAdminImport class that makes it possible for attackers to upload malicious files that could be used to gain webshell access to a server via a CSRF attack...

Apache Superset SQL注入漏洞

A SQL injection vulnerability exists in Apache Superse, a modern, industrial-grade Web application for Business Intelligence. An attacker can use this vulnerability to execute arbitrary SQL statements such as querying data, downloading data, writing to a webshell, executing system commands, and...