Ünsal Furkan Harani

3 exploits Active since Jan 2026
CVE-2026-44403 EXPLOITDB HIGH text WORKING POC
Wing FTP Server 8.1.2 Authenticated Remote Code Execution via Session Serialization
Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the domain admin mydirectory field. Attackers can exploit unsafe serialization of session values into Lua source code without proper escaping of closing delimiters, causing the injected code to be executed when the poisoned session is loaded via loadfile().
CVSS 7.2
CVE-2022-50912 EXPLOITDB CRITICAL text WRITEUP
ImpressCMS 1.4.4 - Unrestricted File Upload via Weak Extension Sanitization Bypass
ImpressCMS 1.4.4 contains a file upload vulnerability with weak extension sanitization that allows attackers to upload potentially malicious files. Attackers can bypass file upload restrictions by using alternative file extensions .php2.php6.php7.phps.pht to execute arbitrary PHP code on the server.
CVSS 9.8
EIP-2026-114675 EXPLOITDB text WORKING POC
aaPanel 6.6.6 - Privilege Escalation & Remote Code Execution (Authenticated)