This Metasploit module exploits an Authenticated user with permission to upload and manage media contents can upload various files on the server. Application prevents the user from uploading PHP code by checking the file extension. It uses black-list based approach, as seen in octobercms/vendor/october/rain/src/Filesystem/ Definitions.php:blockedExtensions(). This module was tested on October CMS version version 1.0.412 on Ubuntu.
577544e8738172a5269aa660dcf271eaWhitepaper called PHP Web Backdoor Decode. It covers decoding an obfuscated/encoded web backdoor shell, recovering the original source code, and the encrypted password in order to login to the backdoor shell.
6e344c38af456d4c74436df122f2cf9cYouPHPTube version 7.2 suffers from a remote SQL injection vulnerability in userCreate.json.php.
0c5a7e8e6f6f45c7826e5a19a22f0deaRed Hat Security Advisory 2019-2519-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, bypass, cross site scripting, denial of service, information leakage, and null pointer vulnerabilities.
78b5fcb3a3c8f8ee710500de6377153eUbuntu Security Notice 4097-2 - USN-4097-1 fixed several vulnerabilities in php5. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
78dca1533d9f697a55b2bb9ad0c98d47Ubuntu Security Notice 4097-1 - It was discovered that PHP incorrectly handled certain images. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
8f4b0ec2ca1de60068711607cd3619f2Joomla JS Support Ticket component version 1.1.6 suffers from a remote SQL injection vulnerability in ticketreply.php.
3ea9e32ea71f28703d1ccfca184e503fBSI Advance Hotel Booking System version 2.0 suffers from a persistent cross site scripting vulnerability in booking_details.php.
cb91e2a4b389dc6caaadf2ebafb7bb6dJoomla JS Support Ticket component version 1.1.6 suffers from an arbitrary file deletion vulnerability in ticket.php.
d5c4574a75aefd5ce55aeb970189d93dUNA version 10.0.0 RC1 suffers from a persistent cross site scripting vulnerability in polyglot.php.
ec9eee5192777cb8c329f9ce8f2c7370Joomla JS Jobs component version 1.2.5 suffers from a remote SQL injection vulnerability in cities.php.
8f0f4fdcefb3d109c21dff30c8ed8860An issue was discovered in osTicket versions before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.
e8e356d6eb5ab1df3d21abcb7dadd26fUbuntu Security Notice 4088-1 - It was discovered that PHP incorrectly handled certain regular expressions. An attacker could possibly use this issue to expose sensitive information, cause a denial of service or execute arbitrary code.
ed4b58bc7094ad86318294e6a345fed2Active PHP Bookmarks version 1.3 suffer from a cookie_auth error-based remote SQL injection vulnerability.
95549322c6d6c54be90a59cfcd3af5fcYahei-PHP Prober version 0.4.7 (speed) suffers from a remote html injection vulnerability.
eb98108b01a92b8fac447bf19361759aThis Metasploit module exploits a vulnerability in the PHP Laravel Framework for versions 5.5.40, 5.6.x up to 5.6.29. Remote command execution is possible via a correctly formatted HTTP X-XSRF-TOKEN header, due to an insecure unserialize call of the decrypt method in Illuminate/Encryption/Encrypter.php. Authentication is not required, however exploitation requires knowledge of the Laravel APP_KEY. Similar vulnerabilities appear to exist within Laravel cookie tokens based on the code fix. In some cases the APP_KEY is leaked which allows for discovery and exploitation.
7094c48d642dbb2c66067663c6ef39d9FaceSentry Access Control System version 6.4.8 is vulnerable to multiple cross site scripting vulnerabilities. This issue is due to the application's failure to properly sanitize user-supplied input thru the 'msg' parameter (GET) in pluginInstall.php script. An attacker may leverage any of the cross-site scripting issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials, phishing, as well as other attacks.
4b4dab0df321f565a9ff46178b0c3e27FaceSentry Access Control System version 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' POST parameter in pingTest PHP script.
dd18875e9898a4dc1ba25878fabbd4acFaceSentry Access Control System version 6.4.8 suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user via the 'strInIP' and 'strInPort' parameters (POST) in pingTest and tcpPortTest PHP scripts.
199e4f309260b0968b822e4736a02fc7SeedDMS versions prior to 5.1.11 suffers from persistent cross site scripting vulnerability in out.GroupMgr.php.
efab9c0a2c9907f8dd00137f56bab316SeedDMS versions prior to 5.1.11 suffers from persistent cross site scripting vulnerability in out.UsrMgr.php.
c5f95efb508f1b497856340ab872055aDebian Linux Security Advisory 4468-1 - A path traversal vulnerability due to an unsanitized POST parameter was discovered in php-horde-form, a package providing form rendering, validation, and other functionality for the Horde Application Framework. An attacker can take advantage of this flaw for remote code execution.
8986d8b459935d9effe1ace9426849dbThis Metasploit module exploits a command execution vulnerability in AROX School-ERP. "import_stud.php" and "upload_fille.php" do not have session control. Session start/check functions in Line 8,9,10 are disabled with slashes. Therefore an unauthenticated user can execute the command on the system.
535708ae0f4586c8a0feda2390f4b619WebLord WL-Nuke Coppermine for PHP-Nuke version 1.3.1c suffers from a remote SQL injection vulnerability.
3f432015c33a468b733bff06ec61ce49Ubuntu Security Notice 4009-2 - USN-4009-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that PHP incorrectly decoding certain MIME headers. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. Various other issues were also addressed.
ab60086f80ef9a8e14e53528324d4180
© 2019 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed