This Metasploit module exploits the file upload vulnerability of baldr malware panel in order to achieve arbitrary code execution.
4da9fd2ffdcce769456b0f4efa3464cdc760398d6c00430570f596892e606f78
ATutor version 2.2.4 suffers from a language_import arbitrary file upload that allows for command execution.
68b1f5ef4f43ce98748eca51235dfb77dab8a8340683912b52e996264a98eec7
This Metasploit module exploits an authenticated insecure file upload and code execution flaw in Ahsay Backup versions 7.x through 8.1.1.50. To successfully execute the upload credentials are needed, default on Ahsay Backup trial accounts are enabled so an account can be created. It can be exploited in Windows and Linux environments to get remote code execution (usually as SYSTEM). This module has been tested successfully on Ahsay Backup v8.1.1.50 with Windows 2003 SP2 Server. Because of this flaw all connected clients can be configured to execute a command before the backup starts. Allowing an attacker to takeover even more systems and make it rain shells!
83afb5ef0b4fb3cbf8a67a2f3aef040fe1e3f8026ef03cddf56dee9c7ba91e49
Ahsay Backup versions 7.x through 8.1.1.50 suffer from authenticated arbitrary file upload and remote code execution vulnerabilities.
8f297f63226a55c017752fbfc4e3ad2b92918ea609bfd8418e0ea5ca9cf59421
Cisco Data Center Network Manager (DCNM) versions 11.1(1) and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities.
dfd36cfbc7507485cec0e3cf8334543371b3ffebfedce49529db5c62ccf35e6c
WordPress Satoshi theme version 2.0 suffers from cross site request forgery and remote file upload vulnerabilities.
bf43d54e3d03215a0039911c353e90c20be07c4887ad233b784ba4063a99ebfc
Joomla Attachments component version 3.x suffers from a remote file upload vulnerability.
d5cf192e5152e876357d03867d1696944ce222fb9fd6fc28bbda9eb210bdfcec
eLabFTW version 1.8.5 suffers from arbitrary file upload and code execution vulnerabilities.
6740b6eb0bb94e7f81a3aab91e04f9d4cbf240e5ee05f834f815594d93776d7e
This Metasploit module exploits a remote code execution vulnerability found in GetSimpleCMS versions 3.3.15 and below. An arbitrary file upload (PHPcode for example) vulnerability can be triggered by an authenticated user, however authentication can be bypassed by leaking the cms API key to target the session manager.
4df2c6bb69a9fe3da21e575c7d71f0dc7d51d1f49ccf6cff0a23ef2afb22ff8d
GAT-Ship Web Module versions prior to 1.40 suffer from an unrestricted file upload vulnerability.
29b659482027b40950b1a55c4531b6749375a0bdfd8e2c1ecbc694deaca21696
This Metasploit module allows the user to run commands on the server with the teacher user privilege. The 'Upload files' section in the 'File Manager' field contains an arbitrary file upload vulnerability.
e818dbce1a6208f6186c65252ddd95a25f1f0b84f2a4a999e93d6590533bfe01
PhreeBooks ERP version 5.2.3 suffers from an arbitrary file upload vulnerability.
8946af8607d01cdbb4bbf87907507e414123374fc00ec083466a26acdbe24cb7
Classified Ad Lister version 2.0 suffers from an arbitrary file upload vulnerability.
63542f9d1c1104d0942738c1161df7996e1cf20ff40574c1071e3ef5584f6e3b
This Metasploit module exploits a file upload vulnerability that allows for remote command execution in Showtime2 module versions 3.6.2 and below in CMS Made Simple (CMSMS). An authenticated user with "Use Showtime2" privilege could exploit the vulnerability. The vulnerability exists in the Showtime2 module, where the class "class.showtime2_image.php" does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). Tested on Showtime2 3.6.2, 3.6.1, 3.6.0, 3.5.4, 3.5.3, 3.5.2, 3.5.1, 3.5.0, 3.4.5, 3.4.3, 3.4.2 on CMS Made Simple (CMSMS) 2.2.9.1.
1df098a0e8333fb97bab3cd80dd2de6a5ea4a18a6d09b8daa9ff38cd10e5965a
SPIP CMS versions 2.x and 3.x suffer from unauthenticated add administrator and arbitrary file upload vulnerabilities.
a7387c189d176bff2a0e9afc63e2bfada0350e829685bdc4a61f682b38596b2d
CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.
fb0146810cbfc9471813abe9fc9f601d9f297f6f71207fba22dc34802a43ccaa
CMS Made Simple Showtime2 module version 3.6.2 suffers from an authenticated arbitrary file upload vulnerability.
fa20c0dbf5abddd0ecf04e638c87694a61d978bf9edf8380b83ae038d3fe85d9
This Metasploit module exploits a file upload vulnerability Booked 2.7.5. In the "Look and Feel" section of the management panel, you can modify the Logo-Favico-CSS files. Upload sections has file extension control except favicon part. You can upload the file with the extension you want through the Favicon field. The file you upload is written to the main directory of the site under the name "custom-favicon". After you upload the php payload to the main directory, the exploit executes the payload and receives a shell.
fd1000e5cac89ace858ec8875c56402a580102eca4787adce2c81e8909ed4842
This Metasploit module exploits an arbitrary file upload vulnerability in Feng Office version 3.7.0.5. The application allows unauthenticated users to upload arbitrary files. There is no control of any session. All files are sent under /tmp directory. The .htaccess file under the /tmp directory prevents files with the php, php2, and php3 extensions. This exploit creates the php payload and moves the payload to the main directory via shtml. After moving the php payload to the main directory, the exploit executes payload and receives a shell.
a940da2e6fa296310cce651b821c9fdf8c7a9ec1bb8147e392837045d45532aa
Joomla Alberghi component version 2.1.3 suffers from arbitrary file upload and remote SQL injection vulnerabilities.
4108d89cd5aacaa5aba00bce1d89efdaca7515189ceb474f8a7a6e3a9ecd5ac2
Webiness Inventory version 2.3 suffers from an arbitrary file upload vulnerability.
6a948a73f6a62c627c29bebbebdd3b8689ed5297ffbfd18a4154c4f41d07a5d7
Zoho ManageEngine ServiceDesk Plus (SDP) versions prior to 10.0 build 10012 suffer from an arbitrary file upload vulnerability.
e370325c125ed93cabb906e3e837c2afb415d355b1cb2e06e3d4ed6f06c3a997
UniSharp Laravel File Manager version 2.0.0-alpha7 suffers from an arbitrary file upload vulnerability.
f67d9939b12edf8fa0798c677008aa300033f210c22c4530b791b22cdd35192e
WordPress Jssor-Slider plugin version 3.1.24 suffers from cross site request forgery and remote file upload vulnerabilities.
4e5ec89d243458ded11b3a5410778f396b0f09bffeb8a9b6b43aeee55cdff04a
TinyMCE JBimages plugin versions 3.x from JustBoilMe suffers from an arbitrary file upload vulnerability.
8a859dccbf46db9bb0c847fd7f6ca4b05f01004735fdf588805f0463a8a30647