This Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file will be written to disk with the permissions of the user that PHP is running as, so it may not be possible to overwrite some files if the PHP user is not appropriately privileged.
7c33e20f3f1e07af9b1f4641460e7354PHP-Fusion version 9.03.90 suffers from a cross site request forgery vulnerability.
a76b7516f7ee7034ed0e11633425eb87WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse a CSV, however the uploaded shell is left. The shell is uploaded to wp-content/uploads/. The plugin is not required to be activated to be exploitable.
c39ac90e0b404ac71d25decc4f495aecThis Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
77c5903183e5519dfd6d1477ae0018a4Whitepaper called Practical PHP Security.
ba9dacc8d65da0f08072dc4b5e4512f6WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.
b411262c32d42ec1cbf7382e1a8f4a37qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.
59a37dff15f2cdae915eeb5509b2b6a3Gentoo Linux Security Advisory 202012-16 - Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Versions less than 8.0.0 are affected.
96e08b0d750daa800cc55885a3ab17ecThis Metasploit module exploits an unauthenticated command execution vulnerability in TerraMaster TOS version 4.2.06 leveraging include/makecvs.php.
72ff1d9e5912a41c8347d8d1f28bc5ddThis Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability.
8575b651a2e17e6d64eb04ca924071afOnline Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.
208efcea716842d4864b2ad444c630e5Student Management System PHP version 1.0 suffers from a persistent cross site scripting vulnerability.
f1a1446475423ccf2da04b2a71a635daOnline Bus Booking System Project using PHP MySQL version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
ac5a96c53a70bbf801b09b3978043c7fOnline Voting System Project in PHP suffers from a persistent cross site scripting vulnerability.
89b15c6e9643f5e189ef4b32f2c59242Red Hat Security Advisory 2020-5275-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, null pointer, and out of bounds read vulnerabilities.
15b6e660f7ec10e7b1caf283b0e647faOnline Job Portal in PHP/PDO version 1.0 suffers from a remote SQL injection vulnerability.
cb398e4945a60c2e520ea688340416bbThis Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe()" is not used in config/databasebackend.inc. Successful exploitation grants attackers the ability to execute arbitrary commands on the underlying operating system as root.
5db0392e6b4ca81a678c8e7564a34918This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrary PHP code to be uploaded first as a png then renamed to php and executed.
53dc99d870452eb23bdf7882ccb0c3e3Online Doctor Appointment Booking System PHP and MySQL version 1.0 suffers from a remote SQL injection vulnerability.
3e8e325ed4abf3f78a52effcfddad10fThis Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request to /admin/file-manager/fileupload. The server will rename this file to a random string. The module will therefore attempt to change the filename back to the original name via an HTTP POST request to /admin/file-manager/rename. For the php target, the payload is embedded in the uploaded file and the module attempts to execute the payload via an HTTP GET request to /storage/file_name.
b1586e133ec28d35e83ec172e95fe1d0The WordPress File Manager (wp-file-manager) plugin versions 6.0 through 6.8 allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory.
33be7d7b4c3915b9705e403be54c86a0Nagios XI version 5.7.3 mibs.php remote command injection exploit.
8e729d2d07e2d318addb68643737cde7Ubuntu Security Notice 4583-2 - USN-4583-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.10. It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. Various other issues were also addressed.
8943172472289400ae6eeaa13c5ed52bUbuntu Security Notice 4586-1 - It was discovered that PHP ImageMagick extension didn't check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service.
f6fae5027be9e5b089b950f64fd8d5abVisitor Management System in PHP version 1.0 suffers from an authenticated remote SQL injection vulnerability.
8033f7aca5a8c9fe62862c58e36e983e
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed