Tag

Web-Shell

5 briefs RSS

Sunnet CTMS/CPAS Arbitrary File Upload Vulnerability (CVE-2026-7490)

A privileged remote attacker can exploit CVE-2026-7490 in Sunnet CTMS and CPAS to upload and execute web shell backdoors, leading to arbitrary code execution on the server.

CTMS +1 arbitrary-file-upload web-shell code-execution

2r 3t 1c 2d ago

critical advisory

Borg SPM 2007 Arbitrary File Upload Vulnerability (CVE-2026-6885)

2 rules 1 TTP 1 CVE

An unauthenticated remote attacker can exploit an arbitrary file upload vulnerability (CVE-2026-6885) in Borg SPM 2007 to upload and execute web shell backdoors, leading to arbitrary code execution on the server.

SPM 2007 file-upload web-shell code-execution

2r 1t 1c 1w ago

critical advisory

FlowiseAI File Upload Validation Bypass Leads to RCE

2 rules 2 TTPs 1 CVE

A file upload validation bypass vulnerability exists in FlowiseAI, where the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type, enabling an attacker to upload .js files, store malicious Node.js web shells on the server, and potentially achieve Remote Code Execution (RCE).

flowiseai file-upload rce web-shell

2r 2t 1c 2w ago

medium threat

Potential Web Shell ASPX File Creation

2 rules 1 TTP

The creation of ASPX files in web server directories, excluding legitimate processes, indicates potential web shell deployment for persistence on Windows systems.

exploited SharePoint web-shell persistence windows

2r 1t Dec 14, 2024

low advisory

Uncommon Destination Port Connection by Web Server on Linux

2 rules 4 TTPs

The rule identifies unusual outbound network connections on non-standard ports originating from web server processes on Linux systems, indicative of potential web shell activity or unauthorized communication.

Elastic Defend persistence execution command-and-control web shell linux

2r 4t Jan 9, 2024