header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

CMSimple 5.15 – Remote Command Execution

The vulnerability allows an attacker to execute arbitrary commands on the target system by uploading a malicious PHP file. By appending ",php" to the end of the Extensions_userfiles field in the CMS Settings, an attacker can upload a shell.php file via the Media section and access it remotely.

WBCE CMS Version 1.6.1 Remote Command Execution

WBCE CMS version 1.6.1 is vulnerable to remote command execution. By uploading a malicious file and triggering its execution through the language installation feature, an attacker can execute arbitrary commands on the server. This can lead to unauthorized access, data theft, and other malicious activities. This vulnerability has been assigned CVE-2023-XXXXX.

PopojiCMS Version 2.0.1 Remote Command Execution

PopojiCMS version 2.0.1 is vulnerable to remote command execution. By injecting a malicious payload into the Meta Social section under settings, an attacker can execute arbitrary commands on the server. This can lead to unauthorized access and potential data breaches. The exploit allows an attacker to execute system commands, as demonstrated by the payload '<?php echo system('id'); ?>'.

TPC-110W Remote Command Execution

The code snippet demonstrates a C program that establishes a socket connection to a remote device with IP address 192.168.1.10 on port 8888. It then sends a command 'id' to the device, which is executed with root privileges. This vulnerability could be exploited by an attacker to remotely execute arbitrary commands on the target device.

Remote Command Execution in elFinder Web file manager Version 2.1.53

The elFinder Web file manager version 2.1.53 allows remote attackers to execute arbitrary commands via an admin panel URL, which can lead to sensitive information disclosure. An attacker can upload a malicious PHP file to the target server and execute system commands, as demonstrated by accessing the /etc/passwd file.

Recent Exploits: