categories
tags
Rce·File Upload Bypass·Command Injection
·
Rce·File Upload Bypass·misconfiguration
Unauthenticated RCE in CKFinder via Null Byte Injection Vulnerability
A real-world pre-auth RCE chain: exposed CKFinder with no authentication, null byte filter bypass to upload a .cfm webshell, and OS command execution via ColdFusion cfexecute. Full PoC walkthrough.
2026-06-07
24
1
5 min read
Rce·File Upload Bypass·Command Injection
·
Rce·CMS·File Upload Bypass
EspoCRM v9.3.4 Authenticated Remote Code Execution via Malicious Extension Upload
Explore the technical analysis of the Authenticated Remote Code Execution (RCE) vulnerability in EspoCRM <= v9.3.4. Learn how malicious extension uploads can lead to full OS command execution and find mitigation strategies. Official PoC and exploit details included.
2026-04-13
293
1
3 min read
Rce·File Upload Bypass·Authentication Bypass
·
Rce·File Upload Bypass
Exploiting Flask Authentication and RCE Vulnerabilities – Chain Lab Writeup
Learn how to exploit Flask authentication and remote code execution (RCE) vulnerabilities in the Chain Lab challenge on CyberExam. This step-by-step writeup demonstrates bypassing Flask session authentication, uploading a reverse shell payload, and gaining full control over the system.
2024-12-02
8465
11
4 min read
CVE·File Upload Bypass
·
CVE·File Upload Bypass
CVE-2024-11404: Medium Severity File Upload Vulnerabilities in django-filer 3.2.3
Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS. This issue affects django Filer: from 3 before 3.3.
2024-11-20
4836
2
5 min read