Vulhub Logo
Vulhub

Vulnerable Environments

Browse our collection of pre-built vulnerable environments for security research and education. Each environment is containerized with Docker and comes with detailed documentation.

15 Results in CMS

RCECMS

CraftCMS ConditionsController Pre-Auth Remote Code Execution

Explore the CraftCMS ConditionsController Pre-Auth Remote Code Execution vulnerability and learn how to exploit it.

CVE-2023-41892
Created 2 days ago
RCECMS

CraftCMS register_argc_argv Leads to Remote Code Execution

Explore the CraftCMS register_argc_argv Leads to Remote Code Execution vulnerability and learn how to exploit it.

CVE-2024-56145
Created 3 months ago
Auth BypassCMS

Joomla 4.2.7 Permission Bypass

Explore the Joomla 4.2.7 Permission Bypass vulnerability and learn how to exploit it.

CVE-2023-23752
Created 2 years ago
SQL InjectionCMS

ECShop 4.x collection_list SQL Injection

Explore the ECShop 4.x collection_list SQL Injection vulnerability and learn how to exploit it.

N/A
Created 4 years ago
RCEDeserializationCMS

Drupal Core 8 PECL YAML Deserialization Remote Code Execution

Explore the Drupal Core 8 PECL YAML Deserialization Remote Code Execution vulnerability and learn how to exploit it.

CVE-2017-6920
Created 6 years ago
XSSFile UploadCMS

Drupal Cross-Site Scripting by File Upload

Explore the Drupal Cross-Site Scripting by File Upload vulnerability and learn how to exploit it.

CVE-2019-6341
Created 6 years ago
RCEDeserializationCMS

Drupal Remote Code Execution by phar deserialization

Explore the Drupal Remote Code Execution by phar deserialization vulnerability and learn how to exploit it.

CVE-2019-6339
Created 6 years ago
RCECMS

Drupal Drupalgeddon 3 Authenticated Remote Code Execution

Explore the Drupal Drupalgeddon 3 Authenticated Remote Code Execution vulnerability and learn how to exploit it.

CVE-2018-7602
Created 6 years ago
SQL InjectionCMS

Magento 2.2 SQL Injection

Explore the Magento 2.2 SQL Injection vulnerability and learn how to exploit it.

N/A
Created 6 years ago
SQL InjectionRCECMS

ECShop 2.x/3.x SQL Injection/Arbitrary Code Execution

Explore the ECShop 2.x/3.x SQL Injection/Arbitrary Code Execution vulnerability and learn how to exploit it.

N/A
Created 7 years ago
SQL InjectionCMS

Drupal < 7.32 "Drupalgeddon" SQL Injection

Explore the Drupal < 7.32 "Drupalgeddon" SQL Injection vulnerability and learn how to exploit it.

CVE-2014-3704
Created 7 years ago
RCECMS

Drupal Drupalgeddon 2 Unauthenticated Remote Code Execution

Explore the Drupal Drupalgeddon 2 Unauthenticated Remote Code Execution vulnerability and learn how to exploit it.

CVE-2018-7600
Created 7 years ago
DeserializationRCECMS

Joomla 3.4.5 Deserialization

Explore the Joomla 3.4.5 Deserialization vulnerability and learn how to exploit it.

CVE-2015-8562
Created 7 years ago
RCECMS

Wordpress 4.6 Arbitrary Command Execution (PwnScriptum)

Explore the Wordpress 4.6 Arbitrary Command Execution (PwnScriptum) vulnerability and learn how to exploit it.

N/A
Created 7 years ago
SQL InjectionCMS

Joomla 3.7.0 SQL Injection

Explore the Joomla 3.7.0 SQL Injection vulnerability and learn how to exploit it.

CVE-2017-8917
Created 8 years ago