Swammers8

2 exploits Active since Nov 2018
CVE-2018-19422 NOMISEC HIGH WORKING POC
Subrion CMS < 4.2.2 - Remote Code Execution via .pht or .phar File Upload
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.
4 stars
CVSS 7.2
CVE-2025-34506 EXPLOITDB HIGH bash WORKING POC
WBCE CMS < 1.6.3 - Authenticated Remote Code Execution via Malicious Module Upload
WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed.
CVSS 8.8