openMAINT version 1.1-2.4.2 suffers from an arbitrary file upload vulnerability.
a26477f39b4617b2b78e146c4bedb8e5e49793b1405220c3427519405c789d51
This Metasploit module exploits an arbitrary file upload vulnerability in MaraCMS versions 7.5 and below in order to execute arbitrary commands. The module first attempts to authenticate to MaraCMS. It then tries to upload a malicious PHP file to the web root via an HTTP POST request to codebase/handler.php. If the php target is selected, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to this file. For the linux and windows targets, the module uploads a simple PHP web shell. Subsequently, it leverages the CmdStager mixin to deliver the final payload via a series of HTTP GET requests to the PHP web shell. Valid credentials for a MaraCMS admin or manager account are required. This module has been successfully tested against MaraCMS 7.5 running on Windows Server 2012 (XAMPP server).
46bcd0fb88548beb443fdf27155d8d4343ca495c9eb2a3289d06a46da4ac2b7b
Seat Reservation System version 1.0 suffers from an unauthenticated file upload vulnerability that allows for remote code execution.
f51980f4cdcbccbc7521c2a7dab9d0a487666c168a76426fc20232877e5f661b
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from an arbitrary file upload vulnerability.
73f58c444371c240444b5a1298b127bc7083b9a6ceedbd305c49dcca16f44ec3
Joomla GMapFP component versions J3.5 and J3.5F suffer from an unauthenticated arbitrary file upload vulnerability.
4563c49b5f140d4c97097c0714861f19d0ef0655690b42573600db44b51a3c2a
flatCore CMS versions 1.5.5 and below suffer from cross site scripting and arbitrary file upload vulnerabilities.
9815638f104a3e7980277234b49f1ecb97d771220babb5af06d2de42d18f2af1
Online Shopping Alphaware version 1.0 suffers from an arbitrary file upload vulnerability.
1c73f02370cfc464f48e9e0329d3295cf79cee55b8d21245f13bb4fa92008374
October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities.
db161c36ea18421b21654c361479e95224d40c18622344eb445b051377246742
This Metasploit module exploits an arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new bot to the panel by uploading the ZIP file under the logs directory. On versions 3.0 and 3.1, victim logs are ciphered by a random 4 byte XOR key. This exploit module retrieves the IP specific XOR key from the panel gate and registers a new victim to the panel, adding the selected payload inside the victim logs.
eead6190f3debc909c6e03fa4150c29da6936794b738a1702f89596b906fc97f
Socket.io-file versions 2.0.31 and below suffer from an arbitrary file upload vulnerability.
711ef348c9b7a811fcc015a0073c09cabd304fdb53657ca775b0e1598313780e
LibreHealth version 2.0.0 authenticated remote code execution exploit that leverages file upload.
72dc0f0110132301f3990ed51cc51e800ab71dfb943e71ad251f75ff30848051
WonderCMS versions 3.1.0 and below suffer from directory traversal, persistent cross site scripting, and file upload vulnerabilities.
c8f9cd68ea4db3c53c6e6bf260ab07eced2819f903c6aa21f0fb40a29486efcf
Webtareas versions 2.1 and 2.1p suffer from unauthenticated file uploads that allow for remote code execution and expose directory listings.
50d4e7012c5d0dd6638cdbd956d6d2350c54598bb9e29b1aaf08aea28992ed75
This Metasploit module exploits an arbitrary file upload vulnerability together with a directory traversal flaw in ATutor versions 2.2.4, 2.2.2 and 2.2.1 in order to execute arbitrary commands.
344a78946baa67ebb531073dad88904763b7f86e0bf52c4f8197e8fc0c0f179d
Online Student Enrollment System version 1.0 suffers from an unauthenticated arbitrary file upload vulnerability.
064a9332857173fea7fedcc2737f6d91ed1dfad56d7b15adb5bc5b7a3441673c
SmarterMail 16 suffers from an arbitrary file upload vulnerability.
d99f22976a0cdef98e659c1ee2684d7744855682a5a86267c256f46720d99efd
Whitepaper called Exploiting Unrestricted File Upload via Plugin Uploader in WordPress.
efdbdb90e446a0fac9ede57a38883f4aa80f9e270ca7fa7750a06b3b479136af
This Metasploit module exploits a file upload feature of Drag and Drop Multi File Upload - Contact Form 7 for versions prior to 1.3.4. The allowed file extension list can be bypassed by appending a %, allowing for PHP shells to be uploaded. No authentication is required for exploitation.
d94c9f0362d25709f05afe545bc81aff8520f8eb38e83726bf24a2463da16a0a
WordPress Drag and Drop File Upload Contact Form plugin version 1.3.3.2 suffers from a remote shell upload vulnerability.
36da7f722845fbc942179b4637fb9e3df8d66888734d49a9f4a425645863787a
qdPM version 9.1 suffers from an arbitrary file upload vulnerability.
29677c9aeba89af9fcf295f75937caccf52029e7fa9463e55173aedd624ed875
CuteNews version 2.1.2 suffers from a remote shell upload vulnerability.
1bf71f9d33300d7dc2cc4132c6b15db181f3b4df8f6712432611c28b8929c56a
Kartris version 1.6 suffers from an arbitrary file upload vulnerability.
1893df3860645717ed77b36829cd27018d61135d550260a8e7b0722461344c66
Online Clothing Store version 1.0 suffers from an arbitrary file upload vulnerability.
3581d88084c332b91b7c1e30cd3add420f3ee25d09c0a63cb6311a42c32529e4
HardDrive version 2.1 for iOS suffers from an arbitrary file upload vulnerability.
0c34b14b82c1c179e184b9fb03967beb613f81201373e46509c51dd3086c8082
Gigamon GigaVUE version 5.5.01.11 suffers from directory traversal and file upload with command execution vulnerabilities. Gigamon has chosen to sunset this product and not offer a patch.
4f94429e64d9c424c9369febb776c41eae261c908658edff22b96292c43a0a65