Exploits - exploit.company

Explore Vulnerabilities

Explore all Exploits:

appRain CMF v0.1.5 – Multiple Web Vulnerabilities

A SQL injection vulnerability has been detected in appRain CMF v0.1.5. The bug allows a remote attacker to inject and execute their own SQL statements through the vulnerable request parameter. Successful exploitation of the bug can lead to DBMS and CMS compromise. A non-persistent cross-site scripting vulnerability has also been detected in appRain CMF v0.1.5. The vulnerability allows remote attackers to hijack Skype customer sessions via cross-site scripting. Successful exploitation of the client-side vulnerability can result in session hijacking and account theft (user/customer/moderator/administrator).

appRain CMF Multiple Cross-Site Request-Forgery Vulnerabilities

appRain CMF is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. An attacker can craft a malicious HTML page that contains a form with hidden fields and submit it to the vulnerable application. The application will then process the form and perform the specified actions.

appRain CMF Arbitrary PHP File Upload Vulnerability

This module exploits a vulnerability found in appRain's Content Management Framework (CMF), version 0.1.5 or less. By abusing the uploadify.php file, a malicious user can upload a file to the uploads/ directory without any authentication, which results in arbitrary code execution.

Recent Exploits: