E-Learning System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass and also suffers from remote code execution via file upload functionality.
bd3d65870be0207ac9da305059435137EyesOfNetwork version 5.3 suffers from a remote code execution vulnerability that leverages file upload. Original discovery of remote code execution in this version is attributed to Clement Billac in February of 2020.
080019485e2ef8b6d7f66a5cd8adfc99This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
77c5903183e5519dfd6d1477ae0018a4Incom CMS version 2.0 suffers from an unauthenticated arbitrary file upload vulnerability.
e37477593ca5df2723fa00d2390b8cfaRock RMS suffers from arbitrary file upload, account takeover, and personal information disclosure vulnerabilities. Various versions are affected.
496349ae2fd93f703a324dcbbd378676This Metasploit module exploits an arbitrary file upload vulnerability in FlexDotnetCMS versions 1.5.8 and prior in order to execute arbitrary commands with elevated privileges.
49d8406c21ab8ebe76041ae803166693CMS Made Simple version 2.2.15 suffers from a persistent cross site scripting vulnerability via an authenticated SVG file upload.
23f9b1ff24fb45885fbf0f6a1744a482Laravel Administrator version 4 suffers from an unrestricted file upload vulnerability.
b32ad26683689ce39aae3cd95365fc83Moodle version 3.8 suffers from an arbitrary file upload vulnerability.
4bf530ba008f828cff2639ab14956f02WordPress Fancy Product Designer for WooCommerce plugin versions 4.5.1 and below suffer from an unauthenticated arbitrary file upload vulnerability.
a23fbe7a9101f368564e24a1ccaad929This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request to /admin/file-manager/fileupload. The server will rename this file to a random string. The module will therefore attempt to change the filename back to the original name via an HTTP POST request to /admin/file-manager/rename. For the php target, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to /storage/file_name.
b1586e133ec28d35e83ec172e95fe1d0Ubuntu Security Notice 4590-1 - It was discovered that Collabtive did not properly validate avatar image file uploads. An authenticated user could exploit this with a crafted file to cause Collabtive to execute arbitrary code.
179fd7eba43ef7a3691ef8f62753e5e7ReQuest Serious Play F3 Media Server version 7.0.3 suffers from an unauthenticated remote code execution vulnerability. Abusing the hidden ReQuest Internal Utilities page (/tools) from the services provided, an attacker can exploit the Quick File Uploader (/tools/upload.html) page and upload PHP executable files that results in remote code execution as the web server user.
27df19dca8c37dc3db671041baa681bfSage DPW versions 2020_06_000 and 2020_06_001 suffer from cross site scripting and unauthenticated malicious file upload vulnerabilities.
524445f4adeb021b41c82c7d3a160f5bopenMAINT version 1.1-2.4.2 suffers from an arbitrary file upload vulnerability.
1e4843b975a1cb67fdef303a4b35c16fThis Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to this file. For the linux and windows targets, the module uploads a simple PHP web shell. Subsequently, it leverages the CmdStager mixin to deliver the final payload via a series of HTTP GET requests to the PHP web shell. Valid credentials for a MaraCMS admin or manager account are required. This module has been successfully tested against MaraCMS 7.5 running on Windows Server 2012 (XAMPP server).
f3fcdcf0924156e882b29740d16480f8Seat Reservation System version 1.0 suffers from an unauthenticated file upload vulnerability that allows for remote code execution.
f3302d01404a38c2cf0a759d35184237All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from an arbitrary file upload vulnerability.
c009d2120232537634c05881dd75c693Joomla GMapFP component versions J3.5 and J3.5F suffer from an unauthenticated arbitrary file upload vulnerability.
9c9258b91b93df640a00425477cf2e15flatCore CMS versions 1.5.5 and below suffer from cross site scripting and arbitrary file upload vulnerabilities.
b4c0b5682efb708e59bbe189e31c8dc7Online Shopping Alphaware version 1.0 suffers from an arbitrary file upload vulnerability.
ac99c740e91732de1ca528611dc05ba5October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities.
a79e40ac7fff8141301027b2d8a73d91This Metasploit module exploits a arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading the ZIP file under the logs directory. On versions 3.0 and 3.1 victim logs are ciphered by a random 4 byte XOR key. This exploit module retrieves the IP specific XOR key from panel gate and registers a new victim to the panel with adding the selected payload inside the victim logs.
3aee05fb3bfa3e3eb0452ce7bbf7bdfbSocket.io-file versions 2.0.31 and below suffer from an arbitrary file upload vulnerability.
036513b2828cb0405115bfde1a5912eeLibreHealth version 2.0.0 authentication remote code execution exploit that leverages file upload.
fdb429c0607ceadf1536570f0e8ac8d9
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed