Latest Exploits:

by: Ahmet Ümit BAYRAM
vendor: Backdrop CMS

Backdrop CMS 1.27.1 – Authenticated Remote Command Execution (RCE)

Backdrop CMS version 1.27.1 is vulnerable to authenticated remote command execution. An attacker can exploit this vulnerability to execute arbitrary commands on the target system. This could lead to unauthorized access, data theft, and further compromise of the system. This exploit was authored by Ahmet Ümit BAYRAM.

CVSS: 6.1 (HIGH)
Remote Command Execution (RCE)
CWE: 78
Product Name: Backdrop
Platforms Tested: MacOS
Affected Version: From 1.27.1 To 1.27.1
2024
by: Ahmet Ümit BAYRAM
vendor: Serendipity

Serendipity 2.5.0 – Remote Code Execution (RCE)

Serendipity 2.5.0 allows remote attackers to execute arbitrary code via crafted input in a filename parameter in a serendipity_admin.php mediaFileUpload action. This vulnerability was discovered by Ahmet Ümit BAYRAM on 26.04.2024.

CVSS: 6.1 (HIGH)
Remote Code Execution (RCE)
CWE: 78
Product Name: Serendipity
Platforms Tested: MacOS
Affected Version: From 2.5.2000 To 2.5.2000
2024
by: Ahmet Ümit BAYRAM
vendor: Dotclear

Dotclear 2.29 – Remote Code Execution (RCE)

Dotclear version 2.29 is vulnerable to remote code execution (RCE) due to improper input validation. An attacker can exploit this vulnerability to upload and execute malicious scripts on the server, leading to unauthorized access and control over the system. This vulnerability was discovered by Ahmet Ümit BAYRAM on 26.04.2024.

CVSS: 8.1 (CRITICAL)
Remote Code Execution (RCE)
CWE: 434
Product Name: Dotclear
Platforms Tested: MacOS
Affected Version: From 2.29 To 2.29
2024
by: Ahmet Ümit BAYRAM
vendor: WBCE CMS

WBCE CMS v1.6.2 – Remote Code Execution (RCE)

WBCE CMS version 1.6.2 allows remote attackers to execute arbitrary code via a crafted request. By uploading a malicious file, an attacker can execute commands on the server remotely.

CVSS: 8.1 (CRITICAL)
Remote Code Execution (RCE)
CWE: 94
Product Name: WBCE CMS
Platforms Tested: MacOS
Affected Version: From 1.6.2002 To 1.6.2002
2024
by: Aldi Saputra Wahyudi
vendor: Progress

Sitefinity 15.0 – Cross-Site Scripting (XSS)

A Cross-Site Scripting (XSS) vulnerability was found in Sitefinity CMS versions prior to 15.0.0. The vulnerability exists in all features using SF-Editor in the backend of the CMS. An attacker with lower privileges can insert malicious XSS payloads in the content form, which will be executed when a user with higher privileges, the victim, views the affected page.

CVSS: 4.1 (MEDIUM)
Cross-Site Scripting (XSS)
CWE: 79
Product Name: Sitefinity CMS
Platforms Tested: Windows, Linux
Affected Version: From Version 0.0.1 To Version 15.0.0
2023