Explore Vulnerabilities

Explore all Exploits:

Backdrop CMS 1.27.1 – Authenticated Remote Command Execution (RCE)

Backdrop CMS version 1.27.1 is vulnerable to authenticated remote command execution. An attacker can exploit this vulnerability to execute arbitrary commands on the target system. This could lead to unauthorized access, data theft, and further compromise of the system. This exploit was authored by Ahmet Ümit BAYRAM.

Dotclear 2.29 – Remote Code Execution (RCE)

Dotclear version 2.29 is vulnerable to remote code execution (RCE) due to improper input validation. An attacker can exploit this vulnerability to upload and execute malicious scripts on the server, leading to unauthorized access and control over the system. This vulnerability was discovered by Ahmet Ümit BAYRAM on 26.04.2024.

CMSimple 5.15 – Remote Command Execution

The vulnerability allows an attacker to execute arbitrary commands on the target system by uploading a malicious PHP file. By appending ",php" to the end of the Extensions_userfiles field in the CMS Settings, an attacker can upload a shell.php file via the Media section and access it remotely.

Chyrp 2.5.2 – Stored Cross-Site Scripting (XSS)

Chyrp 2.5.2 is vulnerable to stored cross-site scripting (XSS) due to improper sanitization of user-supplied data. An attacker can inject malicious scripts into the 'Title' field, leading to the execution of arbitrary code in the context of the user's browser. The entry lists its CVE ID as N/A.

SofaWiki 3.9.2 – Remote Command Execution (RCE) (Authenticated)

The exploit allows an authenticated attacker to execute arbitrary commands on the target system. By uploading a PHP shell through the 'uploadedfile' parameter in the 'index.php' script, the attacker can run system commands via the 'cmd' parameter in the uploaded PHP shell.
