CVE-2024-8856 is a security vulnerability found in the WP Time Capsule plugin for WordPress that allows unauthenticated users to upload arbitrary files to the server. This can lead to remote code execution if the uploaded files are executed by the server. The vulnerability arises from insufficient...
Fuxploider is an open source penetration testing tool that automates the process of detecting and exploiting flaws in file upload forms. This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious ...
An Unrestricted File Upload vulnerability in the ThemeEgg ToolKit plugin for WordPress (versions ≤ 1.2.9) allows authenticated attackers to upload web shells to the server. This can lead to remote code execution (RCE), complete website takeover, and compromise of sensitive data. ...
API: /resource/md/upload Vulnerable source code: ResourceService.java public void mdUpload(MdUploadRequest request, MultipartFile file) { FileUtils.uploadFile(file, FileUtils.MD_IMAGE_DIR, request.getId() + "_" + request.getFileName()); } To Reproduce I have tested this vulnerability on the...
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file. References https://nvd.nist.gov/vuln/detail/CVE-2023-23328 https://github.com/superkojiman/vulnerabilities/blob/master/Avan...
This tool is able to detect the file types allowed to be uploaded and is able to detect which technique will work best to upload web shells or any malicious file on the desired web server. Screenshots Installation You will need Python 3.6 at least. git clone https://github.com/almandin/...
Hello, It appears there is a remote file upload vulnerability in kindeditor <= 4.1.12 specifically in kindeditor/php/upload_json.php. The file doesn't sanitize user input or check that a user should be uploading arbitrary files to the sys...
Ferozo Webmail version 1.1 is vulnerable to Cross-Site Scripting (XSS) through the file upload functionality. An attacker can exploit this vulnerability by uploading a specially crafted file containing malicious JavaScript code. When the file is processed or viewed within the application, the embedded...
Exploit file upload vulnerability getshell Vulnerability details: In the administration backend, you can upload malicious builds of zip files in the plugin administration page. Vulnerability url: http://127.0.0.1/po-admin/admin.php?mod=c...