This exploit allows an attacker to remotely execute commands on an Aruba 501 device. By manipulating the 'ping_ip' parameter in a POST request, an attacker can inject arbitrary commands, leading to unauthorized access.
The vulnerability allows an attacker to execute arbitrary commands on the target system by uploading a malicious PHP file. By appending ",php" to the end of the Extensions_userfiles field in the CMS Settings, an attacker can upload a shell.php file via the Media section and access it remotely.
FlatPress v1.3 allows remote attackers to execute arbitrary commands via uploading a crafted PHP file. An attacker can exploit this vulnerability by uploading a malicious PHP file and then accessing it to execute arbitrary commands.
WBCE CMS version 1.6.1 is vulnerable to remote command execution. By uploading a malicious file and triggering its execution through the language installation feature, an attacker can execute arbitrary commands on the server. This can lead to unauthorized access, data theft, and other malicious activities. This vulnerability has been assigned CVE-2023-XXXXX.
PopojiCMS version 2.0.1 is vulnerable to remote command execution. By injecting a malicious payload into the Meta Social section under settings, an attacker can execute arbitrary commands on the server. This can lead to unauthorized access and potential data breaches. The exploit allows an attacker to execute system commands, as demonstrated by the payload '<?php echo system('id'); ?>'.
The elFinder Web file manager version 2.1.53 allows remote attackers to execute arbitrary commands via uploading a crafted PHP file that leverages the system function.
CSZ CMS Version 1.3.0 is vulnerable to remote command execution. An attacker can exploit this vulnerability to execute arbitrary commands on the target system. This vulnerability has been assigned CVE-ID: TBD.
The code snippet demonstrates a C program that establishes a socket connection to a remote device with IP address 192.168.1.10 on port 8888. It then sends a command 'id' to the device, which is executed with root privileges. This vulnerability could be exploited by an attacker to remotely execute arbitrary commands on the target device.
The elFinder Web file manager version 2.1.53 allows remote attackers to execute arbitrary commands via an admin panel URL, which can lead to sensitive information disclosure. An attacker can upload a malicious PHP file to the target server and execute system commands, as demonstrated by accessing the /etc/passwd file.
CSZ CMS Version 1.3.0 allows remote attackers to execute arbitrary commands via a crafted request. This vulnerability has a CVE ID of CVE-2023-XXXX.