• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-434

CVE-2021-36582

February 23, 2023 by

In Kooboo CMS 2.1.1.0, it is possible to upload a remote shell (e.g., aspx) to the server and then call upon it to receive a reverse shell from the victim server. The files are uploaded to /Content/Template/root/reverse-shell.aspx and can be simply triggered by browsing that URL.

CVE-2021-36622

February 23, 2023 by

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is affected vulnerable to Arbitrary File Upload. The admin panel has an upload function of profile photo accessible at http://localhost/scheduler/admin/?page=user. An attacker could upload a malicious file such as shell.php with the Content-Type: image/png. Then, the attacker have to visit the uploaded profile photo to access the shell.

CVE-2021-36623

February 23, 2023 by

Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE.

CVE-2021-36440

February 23, 2023 by

Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the ‘file_url’ parameter in the component AdminUpdateController.class.php’.

CVE-2021-36461

February 23, 2023 by

An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.

CVE-2021-36547

February 23, 2023 by

A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 126
  • Go to page 127
  • Go to page 128
  • Go to page 129
  • Go to page 130
  • Interim pages omitted …
  • Go to page 224
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE