Vulhub Logo
Vulhub

Vulnerable Environments

Browse our collection of pre-built vulnerable environments for security research and education. Each environment is containerized with Docker and comes with detailed documentation.

16 Results in CMS

RCECMS

CraftCMS Yii Class Injection Remote Code Execution

Explore the CraftCMS Yii Class Injection Remote Code Execution vulnerability and learn how to exploit it.

CVE-2025-32432
Created 18 days ago
RCECMS

CraftCMS ConditionsController Pre-Auth Remote Code Execution

Explore the CraftCMS ConditionsController Pre-Auth Remote Code Execution vulnerability and learn how to exploit it.

CVE-2023-41892
Created 10 months ago
RCECMS

CraftCMS register_argc_argv Leads to Remote Code Execution

Explore the CraftCMS register_argc_argv Leads to Remote Code Execution vulnerability and learn how to exploit it.

CVE-2024-56145
Created a year ago
Auth BypassCMS

Joomla 4.2.7 Permission Bypass

Explore the Joomla 4.2.7 Permission Bypass vulnerability and learn how to exploit it.

CVE-2023-23752
Created 3 years ago
SQL InjectionCMS

ECShop 4.x collection_list SQL Injection

Explore the ECShop 4.x collection_list SQL Injection vulnerability and learn how to exploit it.

N/A
Created 4 years ago
RCEDeserializationCMS

Drupal Core 8 PECL YAML Deserialization Remote Code Execution

Explore the Drupal Core 8 PECL YAML Deserialization Remote Code Execution vulnerability and learn how to exploit it.

CVE-2017-6920
Created 7 years ago
XSSFile UploadCMS

Drupal Cross-Site Scripting by File Upload

Explore the Drupal Cross-Site Scripting by File Upload vulnerability and learn how to exploit it.

CVE-2019-6341
Created 7 years ago
RCEDeserializationCMS

Drupal Remote Code Execution by phar deserialization

Explore the Drupal Remote Code Execution by phar deserialization vulnerability and learn how to exploit it.

CVE-2019-6339
Created 7 years ago
RCECMS

Drupal Drupalgeddon 3 Authenticated Remote Code Execution

Explore the Drupal Drupalgeddon 3 Authenticated Remote Code Execution vulnerability and learn how to exploit it.

CVE-2018-7602
Created 7 years ago
SQL InjectionCMS

Magento 2.2 SQL Injection

Explore the Magento 2.2 SQL Injection vulnerability and learn how to exploit it.

N/A
Created 7 years ago
SQL InjectionRCECMS

ECShop 2.x/3.x SQL Injection/Arbitrary Code Execution

Explore the ECShop 2.x/3.x SQL Injection/Arbitrary Code Execution vulnerability and learn how to exploit it.

N/A
Created 7 years ago
SQL InjectionCMS

Drupal < 7.32 "Drupalgeddon" SQL Injection

Explore the Drupal < 7.32 "Drupalgeddon" SQL Injection vulnerability and learn how to exploit it.

CVE-2014-3704
Created 7 years ago
RCECMS

Drupal Drupalgeddon 2 Unauthenticated Remote Code Execution

Explore the Drupal Drupalgeddon 2 Unauthenticated Remote Code Execution vulnerability and learn how to exploit it.

CVE-2018-7600
Created 8 years ago
DeserializationRCECMS

Joomla 3.4.5 Deserialization

Explore the Joomla 3.4.5 Deserialization vulnerability and learn how to exploit it.

CVE-2015-8562
Created 8 years ago
RCECMS

Wordpress 4.6 Arbitrary Command Execution (PwnScriptum)

Explore the Wordpress 4.6 Arbitrary Command Execution (PwnScriptum) vulnerability and learn how to exploit it.

N/A
Created 8 years ago
SQL InjectionCMS

Joomla 3.7.0 SQL Injection

Explore the Joomla 3.7.0 SQL Injection vulnerability and learn how to exploit it.

CVE-2017-8917
Created 9 years ago