Dotclear version 2.29 is vulnerable to remote code execution (RCE) due to improper input validation. An attacker can exploit this vulnerability to upload and execute malicious scripts on the server, leading to unauthorized access and control over the system. This vulnerability was discovered by Ahmet Ümit BAYRAM on 26.04.2024.
The GUnet OpenEclass E-learning platform version 3.15 allows unrestricted file upload through the 'certbadge.php' file, which can be exploited by an attacker to upload malicious files. This vulnerability has been assigned CVE-2024-31777.
The vulnerability allows pre-authenticated Remote Code Execution (RCE) on Compuware iStrobe Web version 20.13. By exploiting this vulnerability, an attacker can upload a webshell through a web upload form, utilizing path traversal and arbitrary file upload (.jsp files). The specific vulnerable parameter is 'fileName', which can be manipulated to upload a webshell.
The vulnerability allows unauthenticated attackers to upload arbitrary files leading to remote code execution. An attacker can exploit this vulnerability by uploading a malicious file containing PHP code. This vulnerability has a CVE assigned: CVE-2024-XXXXX.
Wallos, a subscription management system, is vulnerable to a file upload RCE exploit. By manipulating the file upload functionality, an authenticated attacker can upload a malicious .php file containing a web shell. This allows them to execute arbitrary commands on the target system.
Petrol Pump Management Software v1.0 is vulnerable to Remote Code Execution (RCE) due to a file upload flaw. An attacker can upload a malicious payload to the logo Photos parameter in the web_crud.php component, allowing them to execute arbitrary code on the server. By exploiting this vulnerability, an attacker can potentially take full control of the application.
Tourism Management System v2.0 is vulnerable to arbitrary file upload due to insufficient input sanitization. An attacker can exploit this vulnerability to upload malicious files to the server.
The vulnerability allows an attacker to upload arbitrary files to the server using the WordPress Theme Travelscape v1.0.3. This could lead to remote code execution and compromise the website. This vulnerability has been assigned CVE-ID: CVE-2024-XXXX.
Lot Reservation Management System allows unauthenticated users to upload files, leading to remote code execution. This could potentially result in unauthorized access to the system and sensitive information.
DataCube3 version 1.0 allows attackers to perform remote code execution through an unrestricted file upload vulnerability. By exploiting this flaw, an attacker could upload malicious files to the server, leading to the execution of arbitrary code. This vulnerability has been assigned CVE-2024-25830 and CVE-2024-25832.