PHP Timeclock version 1.04 suffers from a remote SQL injection vulnerability.
72d88bfd629409e56ac9c276b3ce34ecPHP Timeclock version 1.04 suffers from multiple cross site scripting vulnerabilities.
a9455333f1f9668b13bd1fecc358ec6aThis Metasploit module exploits an OS command injection vulnerability in includes/components/nxti/index.php that enables an authenticated user with admin privileges to achieve remote code execution as the apache user. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios XI 5.7.3 running on CentOS 7.
2df6940f1d406eb594bb234456e3e6f5Fast PHP Chat version 1.3 suffers from a remote SQL injection vulnerability.
a327483a86ab5acaf1b709b62d3c730dThis Metasploit module exploits CVE-2020-5791, an OS command injection vulnerability on Nagios XI versions 5.6.0 through 5.7.3 in admin/mibs.php that enables an authenticated user with admin privileges to achieve remote code execution as either the apache user or the www-data user.
639bef5044c0f11d63a9c893409809f3This Metasploit module exploits a command injection vulnerability in the /admin/monitoringplugins.php page of Nagios XI versions prior to 5.8.0 when uploading plugins. Successful exploitation allows an authenticated admin user to achieve remote code execution as the apache user by uploading a malicious plugin. Valid credentials for a Nagios XI admin user are required. This module has been successfully tested against Nagios versions XI 5.3.0 and 5.7.5, both running on CentOS 7.
91ac1437912ce19fca5580399b1f6625This Metasploit module exploits a vulnerability in the getprofile.sh script of Nagios XI versions prior to 5.6.6 in order to upload a malicious check_ping plugin and thereby execute arbitrary commands. For Nagios XI 5.2.0 through 5.4.13, the commands are run as the nagios user. For versions 5.5.0 through 5.6.5, the commands are run as root. Note that versions prior to 5.2.0 will still be marked as being vulnerable however this module does not presently support exploiting these targets. The module uploads a malicious check_ping plugin to the Nagios XI server via /admin/monitoringplugins.php and then executes this plugin by issuing a HTTP GET request to download a system profile from the server. For all supported targets except Linux (cmd), the module uses a command stager to write the exploit to the target via the malicious plugin. This may not work if Nagios XI is running in a restricted Unix environment, so in that case the target must be set to Linux (cmd). The module then writes the payload to the malicious plugin while avoiding commands that may not be supported. Valid credentials for a user with administrative privileges are required. This module was successfully tested on Nagios XI 5.3.0 and Nagios 5.6.5, both running on CentOS 7. For vulnerable versions before 5.5.0, it may take a significant amount of time for the payload to get back (up to 5 minutes). If exploitation fails against an older system, it is recommended to increase the WfsDelay setting (default is 300 seconds).
c535c12509a747d756650bedc5b31fcaExpressionEngine versions 6.0.2 and below suffer from a Translate::save PHP code injection vulnerability.
ef038368400297010e360e1916e2d2feForkCMS versions prior to 5.8.3 suffer from a PHP object injection vulnerability.
93c0c401241bf2a388e76209eb207357QCubed versions 3.1.1 and below suffer from a PHP object injection vulnerability.
d8f336d29a03cf633ebe23cf5d9ed9a0This Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command execution as the apache user.
2fcde862940be1be38194631a27617e3This Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file will be written to disk with the permissions of the user that PHP is running as, so it may not be possible to overwrite some files if the PHP user is not appropriately privileged.
7c33e20f3f1e07af9b1f4641460e7354PHP-Fusion version 9.03.90 suffers from a cross site request forgery vulnerability.
a76b7516f7ee7034ed0e11633425eb87WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse a CSV, however the uploaded shell is left. The shell is uploaded to wp-content/uploads/. The plugin is not required to be activated to be exploitable.
c39ac90e0b404ac71d25decc4f495aecThis Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
77c5903183e5519dfd6d1477ae0018a4Whitepaper called Practical PHP Security.
ba9dacc8d65da0f08072dc4b5e4512f6WordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote code execution.
b411262c32d42ec1cbf7382e1a8f4a37qdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.
59a37dff15f2cdae915eeb5509b2b6a3Gentoo Linux Security Advisory 202012-16 - Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Versions less than 8.0.0 are affected.
96e08b0d750daa800cc55885a3ab17ecThis Metasploit module exploits an unauthenticated command execution vulnerability in TerraMaster TOS version 4.2.06 leveraging include/makecvs.php.
72ff1d9e5912a41c8347d8d1f28bc5ddThis Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability.
8575b651a2e17e6d64eb04ca924071afOnline Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.
208efcea716842d4864b2ad444c630e5Student Management System PHP version 1.0 suffers from a persistent cross site scripting vulnerability.
f1a1446475423ccf2da04b2a71a635daOnline Bus Booking System Project using PHP MySQL version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
ac5a96c53a70bbf801b09b3978043c7fOnline Voting System Project in PHP suffers from a persistent cross site scripting vulnerability.
89b15c6e9643f5e189ef4b32f2c59242
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed