A vulnerability in the File Manager (wp-file-manager) plugin for WordPress, version 6.0 to 6.8, allows to unauthenticated remote attackers to upload and execute arbitrary PHP code because.



The root cause is an unsafe renaming of a example elFinder connector file with the php extension.



Successful exploitation of this vulnerability allows attackers to write php files to the wp-content/plugins/wp-file-manager/lib/files/ directory of Wordpress.

The sub_resource_create function of class M_devices in m_devices.php of Open-AudIT 3.2.2 allows remote authenticated users to upload arbitrary PHP files, allowing the execution of arbitrary php code in the system.

Cisco Data Center Network Manager is vulnerable to an authenticated arbitrary file upload, which allows to upload a WAR file to the Apache Tomcat webapps directory.



The Apache Tomcat webapps directory can be determined using a information disclosure vulnerability.



Authentication can be bypassed on versions 10.4(2) and below.

The pdkinstall development plugin is incorrectly enabled in release builds of Atlassian Crowd and Crowd Data Center. An attacker can leverage this vulnerability to install a malicious plugin and execute code in the system.

The TarArchive class blindly extracts tar archives without checking for directory traversals. An attacker can leverage this vulnerability to execute code in the system.

CMS Made Simple allows remote authenticated administrators to execute arbitrary PHP code via command injection using the module import feature in admin/moduleinterface.php

Advantech WebAccess Node is vulnerable to an unauthenticated remote file inclusion, allowing attackers to execute arbitrary code in the system.

D-Link Central WiFiManager has an FTP server listening on port 9000 by default with fixed credentials. This allows to unauthenticated users to upload and execute PHP files in the web root, leading to remote code execution.



This update fixes vulnerability URLs

D-Link Central WiFiManager has an FTP server listening on port 9000 by default with fixed credentials. This allows to unauthenticated users to upload and execute PHP files in the web root, leading to remote code execution.

CMS Made Simple allows remote authenticated administrators to execute arbitrary PHP code via file upload using admin/moduleinterface.php