header-logo
Suggest Exploit
explore-vulnerabilities

Explore Vulnerabilities

Version
Year

Explore all Exploits:

Backdrop CMS 1.27.1 – Authenticated Remote Command Execution (RCE)

The Backdrop CMS version 1.27.1 is vulnerable to authenticated remote command execution. An attacker can exploit this vulnerability to execute arbitrary commands on the target system. This could lead to unauthorized access, data theft, and further compromise of the system. This exploit was authored by Ahmet Ümit BAYRAM.

Dotclear 2.29 – Remote Code Execution (RCE)

The Dotclear version 2.29 is vulnerable to remote code execution (RCE) due to improper input validation. An attacker can exploit this vulnerability to upload and execute malicious scripts on the server, leading to unauthorized access and control over the system. This vulnerability has been discovered by Ahmet Ümit BAYRAM on 26.04.2024.

CMSimple 5.15 – Remote Command Execution

The vulnerability allows an attacker to execute arbitrary commands on the target system by uploading a malicious PHP file. By appending ",php" to the end of the Extensions_userfiles field in the CMS Settings, an attacker can upload a shell.php file via the Media section and access it remotely.

FreePBX 16 – Authenticated Remote Code Execution (RCE)

The FreePBX versions 14, 15, and 16 are vulnerable to an Authenticated Remote Code Execution (RCE) exploit. By exploiting this vulnerability, an attacker can execute arbitrary code on the target system. This exploit allows an attacker to execute commands on the target system, potentially leading to a full compromise.

ElkArte Forum 1.1.9 – Remote Code Execution (RCE) (Authenticated)

An authenticated remote code execution vulnerability exists in ElkArte Forum version 1.1.9. By uploading a malicious PHP file via the theme installation feature, an attacker can execute arbitrary commands on the server, leading to a compromise of the system.

Recent Exploits: