what you don't know can hurt you
Showing 1 - 25 of 4,997 RSS Feed

PHP Files

PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection
Posted Jul 27, 2021
Authored by Faisal Alhadlaq

PHP version 7.3.15-3 suffers from a PHP_SESSION_UPLOAD_PROGRESS session data injection vulnerability.

tags | exploit, php
MD5 | c88e9682c0140b88e53745d1f1516e69
WordPress SP Project And Document Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for lowercase file extensions such as .php, making it possible to upload .pHP files for instance. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/sp-client-document-manager/<user_id>/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24347
MD5 | d73daa7ac6681410691920aff7640598
WordPress Modern Events Calendar Remote Code Execution
Posted Jul 26, 2021
Authored by Ron Jost, Yann Castel, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check of the uploaded file extension. Indeed, by using text/csv content-type in a request, it is possible to upload a .php payload as is is not forbidden by the plugin. Finally, the uploaded payload can be triggered by a call to /wp-content/uploads/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24145
MD5 | 75b29e689541f825031d9308d2c36b24
WordPress Backup Guard Authenticated Remote Code Execution
Posted Jul 21, 2021
Authored by Ron Jost, Nguyen Van Khanh | Site metasploit.com

This Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in Wordpress plugin Backup Guard versions prior to 1.6.0. This is due to an incorrect check of the uploaded file extension which should be of SGBP type. Then, the uploaded payload can be triggered by a call to /wp-content/uploads/backup-guard/<random_payload_name>.php.

tags | exploit, arbitrary, shell, php, file upload
advisories | CVE-2021-24155
MD5 | a13b79ee96d9f6b0f86db446a8c091a9
KevinLAB BEMS 1.0 Authenticated File Path Traversal / Information Disclosure
Posted Jul 20, 2021
Authored by LiquidWorm | Site zeroscience.mk

KevinLAB BEMS version 1.0 suffers from an authenticated arbitrary file disclosure vulnerability. Input passed through the page GET parameter in index.php is not properly verified before being used to include files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks.

tags | exploit, arbitrary, php
MD5 | 4bc3f448faf6a5df2c5354ab9084063b
KevinLAB BEMS 1.0 Unauthenticated SQL Injection / Authentication Bypass
Posted Jul 20, 2021
Authored by LiquidWorm | Site zeroscience.mk

KevinLAB BEMS version 1.0 suffers from an unauthenticated SQL Injection vulnerability. Input passed through input_id POST parameter in /http/index.php is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code to bypass the authentication mechanism.

tags | exploit, web, arbitrary, php, sql injection
MD5 | 3498bc654a493cbf9b46522829eb067c
Concrete5 8.5.5 Phar Deserialization
Posted Jul 20, 2021
Authored by EgiX | Site karmainsecurity.com

Concrete5 versions 8.5.5 suffer from a logging settings phar deserialization vulnerability. User input passed through the logFile request parameter is not properly sanitized before being used in a call to the file_exists() function at line 91. This can be exploited by malicious users to inject arbitrary PHP objects into the application scope (PHP Object Injection via phar:// stream wrapper), allowing them to carry out a variety of attacks, such as executing arbitrary PHP code. Successful exploitation of this vulnerability requires an administrator account.

tags | advisory, arbitrary, php
advisories | CVE-2021-36766
MD5 | a1fb25a9ba4326669a0ede911fe27d02
Ubuntu Security Notice USN-5006-2
Posted Jul 14, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5006-2 - USN-5006-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, denial of service, php, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-7068, CVE-2020-7071, CVE-2021-21702, CVE-2021-21704, CVE-2021-21705
MD5 | 66293c19cf8113112211326af4be7f4c
Ubuntu Security Notice USN-5006-1
Posted Jul 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5006-1 - It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled parsing URLs with passwords. A remote attacker could possibly use this issue to cause PHP to mis-parse the URL and produce wrong data. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. Various other issues were also addressed.

tags | advisory, remote, denial of service, php
systems | linux, ubuntu
advisories | CVE-2020-7068, CVE-2020-7071, CVE-2021-21702, CVE-2021-21704, CVE-2021-21705
MD5 | d2eaebcf41b9edfd36340798eb2ac873
WordPress wpDiscuz 7.0.4 Shell Upload
Posted Jun 28, 2021
Authored by Hoa Nguyen, Chloe Chamberland | Site metasploit.com

This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin versions from 7.0.0 through 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.

tags | exploit, remote, arbitrary, php, code execution, file upload
advisories | CVE-2020-24186
MD5 | fdf8135289f12d026401f86e91ab3f6d
Lightweight Facebook-Styled Blog Remote Code Execution
Posted Jun 25, 2021
Authored by Maide Ilkay Aydogdu

This Metasploit module exploits the file upload vulnerability of Lightweight self-hosted facebook-styled PHP blog and allows remote code execution.

tags | exploit, remote, php, code execution, file upload
MD5 | 574d24d96494d02754d265cd9346aa85
rConfig Shell Upload
Posted Jun 24, 2021
Authored by Murat Seker, Vishwaraj Bhattrai | Site metasploit.com

This Metasploit module allows an attacker with a privileged rConfig account to start a reverse shell due to an arbitrary file upload vulnerability in /lib/crud/vendors.crud.php.

tags | exploit, arbitrary, shell, php, file upload
MD5 | b0d94160c515ca53615beeeac06c2e14
SuiteCRM Log File Remote Code Execution
Posted Jun 4, 2021
Authored by M. Cory Billington | Site metasploit.com

This Metasploit module exploits an input validation error on the log file extension parameter. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file. The log file can then be populated with php code by changing the username of a valid user, as this info is logged. The php code in the file can then be executed by sending an HTTP request to the log file. A similar issue was reported by the same researcher where a blank file extension could be supplied and the extension could be provided in the file name. This exploit will work on those versions as well, and those references are included.

tags | exploit, web, php
advisories | CVE-2020-28328
MD5 | d7acd34cfa8d5f47a3eb69700fe86af1
PHP 8.1.0-dev User-Agentt Remote Code Execution
Posted Jun 3, 2021
Authored by flast101

PHP version 8.1.0-dev remote code execution exploit that leverages a backdoor under the User-Agentt header.

tags | exploit, remote, php, code execution
MD5 | 4a66165091ec5e614d9f7b2d045ffcb8
Cacti 1.2.12 SQL Injection / Remote Command Execution
Posted Jun 2, 2021
Authored by h00die, Leonardo Paiva, Mayfly277 | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the path_php_binary value is changed within the settings table to a payload, and an update is called to execute the payload. After calling the payload, the value is reset.

tags | exploit, arbitrary, php, sql injection
advisories | CVE-2020-14295
MD5 | 96f2d2ce45330fd71491a45ad435fbe4
IPS Community Suite 4.5.4.2 PHP Code Injection
Posted May 31, 2021
Authored by EgiX | Site karmainsecurity.com

IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows to pass arbitrary content to the IPS\_Theme::runProcessFunction() method, which will be used in a call to the eval() PHP function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and the "cms" application to be enabled.

tags | exploit, arbitrary, php
advisories | CVE-2021-32924
MD5 | 1b4fb4e5987be3d21bd6ca2f13378d32
PHP 8.1.0-dev Backdoor Remote Command Execution
Posted May 31, 2021
Authored by Mayank Deshmukh

PHP version 8.1.0-dev unauthenticated remote command execution proof of concept exploit that leverages the backdoor.

tags | exploit, remote, php, proof of concept
MD5 | 68b81a413521d514b1b67f8bde5a5138
Trixbox 2.8.0.4 Remote Code Execution
Posted May 28, 2021
Authored by Ron Jost

Trixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.

tags | exploit, shell, php
advisories | CVE-2017-14535
MD5 | b20a34f5709b4607d3383fa6db1f537f
Trixbox 2.8.0.4 Path Traversal
Posted May 28, 2021
Authored by Ron Jost

Trixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.

tags | exploit, php, file inclusion
advisories | CVE-2017-14537
MD5 | ebe53272a318e753d01ffa4b44a12413
Gentoo Linux Security Advisory 202105-23
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-23 - Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Versions less than 8.0.6 are affected.

tags | advisory, denial of service, php, vulnerability
systems | linux, gentoo
advisories | CVE-2020-7071, CVE-2021-21702
MD5 | c901ca7aca38cb50db1d976d91176118
Gentoo Linux Security Advisory 202105-06
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-6 - Multiple vulnerabilities in the Smarty template engine might allow remote attackers to execute arbitrary PHP code. Versions less than 3.1.39 are affected.

tags | advisory, remote, arbitrary, php, vulnerability
systems | linux, gentoo
advisories | CVE-2021-26119, CVE-2021-26120
MD5 | e9d574b4edef373fcec252f420131a17
PHP 8.1.0-dev Backdoor Remote Command Injection
Posted May 24, 2021
Authored by Richard Jones

PHP version 8.1.0-dev backdoor unauthenticated remote command injection exploit.

tags | exploit, remote, php
MD5 | a54b850535116f4636c38a6855b8cf15
PHP Timeclock 1.04 SQL Injection
Posted May 8, 2021
Authored by Tyler Butler

PHP Timeclock version 1.04 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, php, sql injection
MD5 | 72d88bfd629409e56ac9c276b3ce34ec
PHP Timeclock 1.04 Cross Site Scripting
Posted May 8, 2021
Authored by Tyler Butler

PHP Timeclock version 1.04 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, php, vulnerability, xss
MD5 | a9455333f1f9668b13bd1fecc358ec6a
Nagios XI 5.7.3 Remote Code Execution
Posted Apr 21, 2021
Authored by Chris Lyne, Erik Wynter | Site metasploit.com

This Metasploit module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the apache user. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios XI 5.7.3 running on CentOS 7.

tags | exploit, remote, php, code execution
systems | linux, osx, centos
advisories | CVE-2020-5792
MD5 | 2df6940f1d406eb594bb234456e3e6f5
Page 1 of 200
Back12345Next

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    1 Files
  • 25
    Jul 25th
    1 Files
  • 26
    Jul 26th
    21 Files
  • 27
    Jul 27th
    8 Files
  • 28
    Jul 28th
    9 Files
  • 29
    Jul 29th
    12 Files
  • 30
    Jul 30th
    9 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close